Hallo Zusammen,

ich habe mir gestern den GVU-Virus gefangen. Ich hoffe Ihr könnt mir helfen. Die von Euch vorgeschlagenen Schritte habe ich durchgeführt und die entsprechenden Dateien beigfügt.

Schon mal vielen Dank für Eure Hilfe bis hierhin!!!

Viele Grüße, Stefan

OTL logfile created on: 10.10.2012 23:19:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mila\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 35,30% Memory free
4,23 Gb Paging File | 2,63 Gb Available in Paging File | 62,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 19,19 Gb Free Space | 9,02% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,07 Gb Free Space | 50,34% Space Free | Partition Type: FAT32

Computer Name: STEFAN-PC | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.10 23:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL.exe
PRC - [2012.09.08 17:55:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.28 20:12:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 21:30:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.05 17:04:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.04.17 23:45:06 | 004,920,752 | ---- | M] (WEB.DE GmbH) -- C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.01.26 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFJE.EXE
PRC - [2009.01.12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 09:33:14 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
PRC - [2007.12.14 10:20:35 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2007.12.05 05:31:48 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.17 16:42:40 | 000,128,296 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.09.20 09:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.11 14:57:14 | 000,079,488 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Programme\CASIO\YouTube Uploader for CASIO\YStart.exe
PRC - [2007.05.22 17:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.04.26 15:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.27 21:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.02.09 21:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.01.24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.03.08 13:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.08 17:55:19 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.08 21:49:08 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008.12.22 10:50:28 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007.10.17 16:42:42 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.10.17 16:42:30 | 000,636,200 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2007.06.22 14:59:36 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax
MOD - [2005.07.22 22:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll


========== Services (SafeList) ==========

SRV - [2012.10.09 21:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.08 17:55:19 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.28 20:12:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.17 21:30:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.08.04 22:11:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.14 10:20:36 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.02 16:35:03 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.06.28 20:12:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 20:12:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 12:05:13 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.02.11 12:05:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.01.01 19:20:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.11.04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.11.04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2008.11.04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2008.11.04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2008.11.04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.11.04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2008.11.04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.03.06 11:42:14 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008.03.01 22:32:29 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.10.24 00:03:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007.06.26 14:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.25 21:42:16 | 000,045,696 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.30 22:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{528bcd12-8e45-4595-96dd-c92c3989c536}: C:\Program Files\WEB.DE\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2009.02.18 12:49:06 | 000,000,000 | ---D | M]

[2011.01.22 08:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Extensions
[2011.01.22 08:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.29 08:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Firefox\Profiles\cwflsnih.default\extensions
[2010.05.20 10:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mila\AppData\Roaming\mozilla\Firefox\Profiles\cwflsnih.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.25 15:57:09 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.09.29 08:22:21 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2011.05.17 21:47:48 | 000,002,289 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\searchplugins\ecosia.xml
[2012.09.08 17:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:55:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.07.04 13:31:06 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ecosia Class) - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_8\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" File not found
O4 - HKCU..\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX610FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [WEB.DE_WEB.DE MultiMessenger] C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE (WEB.DE GmbH)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: die-maus.de ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mila\Documents\Bluetooth\Inbox\DSC00529.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mila\Documents\Bluetooth\Inbox\DSC00529.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.10 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2012.10.10 21:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 21:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 21:27:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 21:27:37 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011.01.13 23:30:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB3F3.dll
[2008.05.04 08:15:06 | 000,333,360 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD_de.exe

========== Files - Modified Within 30 Days ==========

[2012.10.10 23:16:45 | 000,000,000 | ---- | M] () -- C:\Users\Mila\defogger_reenable
[2012.10.10 23:13:07 | 000,054,932 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\nvModes.001
[2012.10.10 23:12:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Mila.job
[2012.10.10 23:11:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 23:04:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 23:00:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 23:00:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 23:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 23:00:28 | 2143,756,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 22:58:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.10 22:50:50 | 083,023,306 | ---- | M] () -- C:\ProgramData\cstsm.pad
[2012.10.10 22:32:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.10 21:27:41 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 21:18:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 21:18:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 21:18:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 21:18:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 20:51:05 | 000,054,932 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\nvModes.dat
[2012.10.10 20:00:05 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.10.03 17:05:10 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Mila.job
[2012.10.03 17:05:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Mila.job
[2012.09.29 08:38:33 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.16 14:49:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

========== Files Created - No Company Name ==========

[2012.10.10 23:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Mila\defogger_reenable
[2012.10.10 21:27:41 | 000,000,664 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 20:40:40 | 2143,756,288 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.10 20:31:52 | 083,023,306 | ---- | C] () -- C:\ProgramData\cstsm.pad
[2012.10.03 11:31:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Mila.job
[2012.10.03 11:31:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Mila.job
[2012.10.03 11:31:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Mila.job
[2011.05.18 03:00:30 | 000,000,680 | ---- | C] () -- C:\Users\Mila\AppData\Local\d3d9caps.dat
[2009.12.30 00:44:52 | 000,015,043 | ---- | C] () -- C:\Users\Mila\Nola Note.nra
[2009.05.01 08:00:45 | 006,158,081 | ---- | C] () -- C:\Users\Mila\hannah.zip
[2009.01.01 19:21:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.07.30 10:29:20 | 000,000,052 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\Default.PLS
[2008.05.12 21:43:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2008.05.12 21:43:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008.05.12 21:43:54 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Soundtrack
[2008.05.12 21:42:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi
[2008.05.12 21:42:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008.05.12 21:42:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Smooth Strings
[2008.05.12 21:36:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambient
[2008.05.12 21:32:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2008.02.17 23:25:10 | 000,023,040 | ---- | C] () -- C:\Users\Mila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.23 15:33:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.22 10:27:15 | 000,054,932 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\nvModes.001
[2008.01.21 14:30:44 | 000,054,932 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\nvModes.dat
[2008.01.21 11:36:22 | 000,000,000 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\wklnhst.dat
[2008.01.21 11:28:46 | 000,000,092 | ---- | C] () -- C:\Users\Mila\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.08.06 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\CASIO
[2010.02.22 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Epson
[2008.01.28 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\FRITZ!
[2009.01.05 12:24:37 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\MAGIX
[2008.07.24 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Nikon
[2011.05.08 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\OpenOffice.org
[2008.01.21 12:04:31 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Sonavis
[2011.01.13 23:50:57 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Sony
[2011.01.22 08:15:06 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Thunderbird
[2010.05.07 15:05:51 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Uniblue
[2009.02.18 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\WEB.DE
[2009.06.28 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Zylom

========== Purity Check ==========



< End of report >

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

• "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
  - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
  - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
• Charakteristische Merkmale/Profilinformationen:
  - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
• Die Systemprüfung und Bereinigung:
  - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
• Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
• Innerhalb der Betreuungszeit:
  - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
• Die Reihenfolge:
  - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
• GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
• Ansonsten unsere Forumsregeln:
  - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
• Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Hilfeleistung - geplante Vorgehensweise:

• Problemsuche
• Problembeseitigung/Systembereinigung
• Verwendete Programme deinstallieren/entfernen
• Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht! - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!) :

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\Shell\AutoRun\command - "" = G:\Startme.exe
[2012.10.10 23:11:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 22:50:50 | 083,023,306 | ---- | M] () -- C:\ProgramData\cstsm.pad
[2012.10.10 22:32:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.10 20:31:52 | 083,023,306 | ---- | C] () -- C:\ProgramData\cstsm.pad
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         

• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Zitat:

Achtung Mitleser!:
Jedes einzelne OTL-Script wird individuell auf den Benutzer abgestimmt! Diese Anleitung gilt nur auf dem hier betroffenen Rechner. Anwendung bei anderen Maschinen oder Nutzung von "selbst erstellte Scriptkombination" kann zu ernsthaften Schäden führen!

2.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)
         

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

• Download den CCleaner herunter
  
• Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
• starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
• ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

4.
erneut einen Scan mit OTL:

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Hallo Kira,

vielen Dank für die schnelle Antwort!!

anbei die diversen log-files.

zu 1.) Fixen mit OTL

Code: Alles auswählenAufklappen

ATTFilter

ll processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
File G:\Startme.exe not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\ProgramData\cstsm.pad not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\ProgramData\cstsm.pad not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mila\Downloads\cmd.bat deleted successfully.
C:\Users\Mila\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mila
->Temp folder emptied: 71696 bytes
->Temporary Internet Files folder emptied: 1321207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 228263855 bytes
RecycleBin emptied: 9780139836 bytes
 
Total Files Cleaned = 9.546,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_093802

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET90BA.tmp not found!
C:\Windows\temp\JETBC2E.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

zu 2.) Vierenscans

Scan 2012-10-10

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mila :: STEFAN-PC [Administrator]

Schutz: Aktiviert

10.10.2012 22:38:10
mbam-log-2012-10-10 (22-38-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233871
Laufzeit: 11 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4216 -> Löschen bei Neustart.
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4784 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\Stefan\AppData\Local\Temp\mstsc.dll (Trojan.Ransom) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Stefan\AppData\Local\Temp\mstsc.dll (Trojan.Ransom) -> Löschen bei Neustart.
C:\$RECYCLE.BIN\S-1-5-21-467133875-3664071592-3944233276-1003\$RGU3LON.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart.
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Scan 2012-10-13

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.11.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mila :: STEFAN-PC [Administrator]

Schutz: Aktiviert

13.10.2012 10:42:58
mbam-log-2012-10-13 (10-42-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223694
Laufzeit: 6 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

zu 3.) Programmliste

Code: Alles auswählenAufklappen

ATTFilter

ABBYY FineReader 6.0 Sprint	ABBYY Software House	14.02.2010	119MB	6.00.1395.4512
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	20.01.2008	13,5MB	
Adobe Color Common Settings	Adobe Systems Incorporated	11.11.2008		1.0.1
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen	Adobe Systems Incorporated	04.08.2008		1.0
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	11.11.2008	14,5MB	2.0.2
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	12.01.2011		10.0.22.87
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.10.2012		11.4.402.287
Adobe Photoshop 7.0.1	Adobe Systems, Inc.	31.08.2008	1,61GB	7.0
Adobe Reader 8.1.3 - Deutsch	Adobe Systems Incorporated	17.01.2009	99,8MB	8.1.3
Adobe Reader 8.2.0 - Deutsch	Adobe Systems Incorporated	09.09.2010	101MB	8.2.0
Adobe Shockwave Player 11	Adobe Systems, Inc.	07.10.2008		11
ALDI Foto Manager Free Sued	MAGIX AG	08.12.2007	51,6MB	3.4.0.466
AMR to MP3 Converter 1.4	amrtomp3converter.com	10.12.2010	6,66MB	
Avira AntiVir Personal - Free Antivirus	Avira GmbH	27.02.2012	62,0MB	10.2.0.707
AVM FRITZ!DSL		25.01.2008	8,70MB	
Bluetooth Stack for Windows by Toshiba		02.12.2007	56,2MB	v5.10.14
Capture NX	NIKON CORPORATION	12.05.2008	19,6MB	1.3.0
CCleaner	Piriform	24.09.2012	4,86MB	3.23
Compatibility Pack für 2007 Office System	Microsoft Corporation	10.10.2012	110MB	12.0.6612.1000
Corel Applications		13.04.2008		
CyberLink Power2Go	CyberLink Corp.	06.12.2007	124MB	6.0.1109a
CyberLink YouCam	CyberLink Corp.	06.12.2007	38,5MB	1.00.0000
Das Aquarium mit der Maus ScreenSaver		27.01.2008		
DC-Bodenmechanik	DC-Software Doster & Christmann GmbH	05.11.2008	122MB	2.1.4
DC-Grundbaustatik	DC-Software Doster & Christmann GmbH	05.11.2008	143MB	2.4.8
DVD Shrink 3.2	DVD Shrink	07.05.2010	992KB	
Ecosia Plugin 1.0	Ecosia	04.06.2010	1,05MB	
ElsterFormular für Privatanwender	Landesfinanzdirektion Thüringen	03.04.2011	143MB	12.1.1.6214p
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	14.02.2010	98,8MB	2.1.0.0
Epson Event Manager	SEIKO EPSON Corporation	14.02.2010	19,9MB	2.30.00
Epson FAX Utility	SEIKO EPSON CORPORATION	14.02.2010	22,8MB	1.00.000
Epson PC-FAX Driver		14.02.2010		
Epson Printer Software Downloader		14.02.2010		
EPSON Scan		14.02.2010	16,8MB	
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch		14.02.2010	9,15MB	
EPSON SX610FW Series Printer Uninstall	SEIKO EPSON Corporation	14.02.2010		
EpsonNet Print	SEIKO EPSON CORPORATION	14.02.2010	4,30MB	2.4i
EpsonNet Setup	SEIKO EPSON CORPORATION	14.02.2010	16,0MB	3.1a
FDRTools Basic 2.3.0beta1	AGS Technik	13.02.2009	23,1MB	2.3.0
Firebird SQL Server - MAGIX Edition	MAGIX AG	05.08.2008	6,56MB	2.0.1.13
FormatFactory 2.50	Free Time	03.11.2010	114MB	2.50
Genesys PC Camera Device	Genesys	29.11.2007	744KB	0.1.0.0
Google Chrome	Google Inc.	04.01.2010	157MB	22.0.1229.94
Google Desktop	Google	20.01.2008	7,91MB	-
Google Earth	Google	10.12.2011	92,7MB	6.1.0.5001
Google Toolbar for Internet Explorer	Google Inc.	29.09.2012	11,9MB	7.4.3230.2052
Google Updater	Google Inc.	10.12.2011	3,41MB	2.4.2432.1652
Intel(R) Matrix Storage Manager		20.01.2008	3,77MB	
Java(TM) 6 Update 26	Oracle	08.05.2011	97,0MB	6.0.260
Java(TM) 6 Update 3	Sun Microsystems, Inc.	03.12.2007	168MB	1.6.0.30
king.com (remove only)	Midasplayer Ltd (king.com)	20.01.2008		
Letstrade	Buhl Data Service	03.12.2007	25,9MB	1.00.0000
MAGIX Filme auf DVD 8 8.0.0.11 (D)	MAGIX AG	04.01.2009	301MB	8.0.0.11
MAGIX Foto Clinic 6 6.0.10.0 (D)	MAGIX AG	29.02.2008	18,9MB	6.0.10.0
MAGIX Foto Manager 2008 5.0.0.255 (D)	MAGIX AG	05.08.2008	112MB	5.0.0.255
MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D)	MAGIX AG	29.02.2008	283MB	6.5.0.21
MAGIX Goya burnR 2.3.1.3 (D)	MAGIX AG	29.02.2008	28,6MB	2.3.1.3
MAGIX Music Cleaning Lab 2008 deluxe 9.0.1.0 (D)	MAGIX AG	05.08.2008	292MB	9.0.1.0
MAGIX Music Manager 2007 8.1.1.108 (D)	MAGIX AG	29.02.2008	63,0MB	8.1.1.108
MAGIX Online Druck Service 3.4.3.0 (D)	MAGIX AG	04.01.2009	9,35MB	3.4.3.0
MAGIX PC Visit	MAGIX AG	05.08.2008	1,68MB	4.3.6.1987
MAGIX USB-Videowandler 2	MAGIX	04.01.2009	7,86MB	1.00.0000
MAGIXUSB-Videowandler 2 Device Driver		04.01.2009		
MakeDisc	CyberLink Corp.	20.01.2008	101MB	3.0.2320
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	10.10.2012	12,7MB	1.65.0.1400
McAfee Security Scan Plus	McAfee, Inc.	04.10.2010	9,52MB	2.0.181.2
Media Go	Sony	12.01.2011	74,5MB	1.0.373
MediaShow	CyberLink Corporation	20.01.2008	33,0MB	3.0.4325
MEDION Fotos auf CD Sued	MAGIX AG	08.12.2007	649MB	6.0.2.0
MEDIONbox	Medion	03.12.2007	26,9MB	1.09.0000.00052
Mein CEWE FOTOBUCH		10.03.2010	170MB	
Microsoft .NET Framework 1.1		22.10.2011		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	27.08.2009	36,9MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	17.08.2009	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	12.02.2011	120MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	12.02.2011	24,5MB	4.0.30319
Microsoft Office FrontPage 2003	Microsoft Corporation	05.09.2012	204MB	11.0.8173.0
Microsoft Office Professional Edition 2003	Microsoft Corporation	10.10.2012	653MB	11.0.8173.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	30.07.2009	251KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.06.2011	294KB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	30.07.2009	199KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	10.03.2010	624KB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	03.04.2011	233KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.03.2009	589KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	20.01.2011	589KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	22.06.2011	594KB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	10.10.2012	378MB	9.7.0621
Mozilla Firefox 15.0 (x86 de)	Mozilla	30.08.2012	40,1MB	15.0
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	09.09.2012	40,1MB	15.0.1
Mozilla Maintenance Service	Mozilla	09.09.2012	216KB	15.0.1
Mozilla Thunderbird (3.1.20)	Mozilla	30.08.2012	33,5MB	3.1.20 (de)
MSXML 4.0 SP2 (KB925672)	Microsoft Corporation	02.12.2007	1,23MB	4.20.9839.0
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	02.12.2007	1,23MB	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	02.12.2007	1,26MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	02.12.2007	1,26MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	13.11.2008	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	05.12.2009	1,33MB	4.20.9876.0
Mufin MusicFinder Base 1.5.3.255 (D)	MAGIX AG	04.01.2009	43,2MB	1.5.3.255
Nero 8 Essentials	Nero AG	03.12.2007	1,82GB	8.10.284
Nikon RAW Codec	Nikon	07.07.2008	3,91MB	1.00.0000
Nikon Transfer	Nikon	12.05.2008	45,8MB	1.0.1
Norton Security Scan	Symantec Corporation	20.03.2008	6,27MB	1.4.0
Norton Security Scan	Symantec Corporation	21.05.2010	10,6MB	2.7.3.34
NVIDIA Drivers		20.08.2008		
OpenOffice.org 3.3	OpenOffice.org	08.05.2011	412MB	3.3.9567
Photomatix Pro version 3.1.3	HDRsoft Sarl	21.06.2009	10,9MB	3.1.3
PhotoNow!	CyberLink Corp.	20.01.2008	1,59MB	1.0.4310
Picture Control Utility	Nikon	12.05.2008	28,0MB	1.0.2
PowerDirector	CyberLink Corp.	06.12.2007	230MB	6.5.2209a
PowerDVD	CyberLink Corporation	20.01.2008	87,2MB	7.0.3118.0
PowerProducer	CyberLink Corp.	20.01.2008	190MB	4.2.2219
QuickTime	Apple Inc.	12.05.2008	74,0MB	7.2.0.240
QuiltAssistent		20.05.2010	2,72MB	
Ralink Wireless LAN	RaLink	06.12.2007	1,85MB	1.00.0000
Ranch Rush Deluxe	Zylom Games	18.02.2009	170MB	1.0.0
RealPlayer	RealNetworks	04.01.2010	67,7MB	
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista	Realtek	02.12.2007	648KB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.12.2007	15,7MB	6.0.1.5523
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	02.12.2007	2,97MB	
RescuePRO Deluxe 4.0		18.05.2008	55,9MB	
Saal Digital	Silverwire Software AG	18.01.2009		
SAMSUNG Mobile Composite Device Software		31.12.2008		
SAMSUNG Mobile Modem Driver Set		31.12.2008		
Samsung Mobile phone USB driver Software		31.12.2008		
SAMSUNG Mobile USB Modem 1.0 Software		31.12.2008		
SAMSUNG Mobile USB Modem Software		31.12.2008		
Samsung PC Studio 3	Samsung Electronics Co., Ltd.	31.12.2008	190MB	3.2.2.80705
Samsung PC Studio 3 USB Driver Installer	Samsung Electronics Co., Ltd.	31.12.2008	190MB	3.2.0.70701
Sceneo AbsolutTV		20.01.2008	4,79MB	
screensaver		29.01.2008		
SereneScreen Marine Aquarium 2.6	Prolific Publishing, Inc.	29.01.2008	684KB	2.6
Skype™ 5.10	Skype Technologies S.A.	07.09.2012	19,4MB	5.10.116
Sony Ericsson Media Manager 1.1	Sony Ericsson	05.11.2008	62,4MB	1.1.550
Sony Ericsson PC Suite 5.007.01	Sony Ericsson	12.01.2011	36,8MB	5.007.01
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	31.10.2010	32,5MB	8.0.0
Synaptics Pointing Device Driver	Synaptics	02.12.2007	12,8MB	9.1.10.0
TVsweeper 3	Sonavis	03.12.2007	4,11MB	3.0.3
Ulead PhotoImpact 12	Ulead System	20.01.2008	389MB	12.0
Update Service	Sony Ericsson Mobile Communications AB	10.02.2009	162MB	2.9.2.12
ViewNX	Nikon	12.05.2008	26,5MB	1.0.1
WEB.DE MultiMessenger	WEB.DE GmbH	27.04.2009	30,0MB	3.70.2806
Windows Media Player Firefox Plugin	Microsoft Corp	11.05.2009	296KB	1.0.0.8
WISO Mein Geld 2008 Professional	Buhl Data Service GmbH	03.12.2007	167MB	9.00.01.0023
X10 Hardware(TM)		20.01.2008	28,0KB	
YouTube Uploader for CASIO	CASIO COMPUTER CO., LTD.	11.07.2011	2,31MB	1.0.1.0
Zylom Games Player Plugin	Zylom Games	12.06.2008
         

zu 4.) erneuter OTL-Scan

OTL.txt
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 13.10.2012 11:02:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mila\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,66% Memory free
4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 29,08 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,07 Gb Free Space | 50,34% Space Free | Partition Type: FAT32
Drive G: | 7,83 Gb Total Space | 4,34 Gb Free Space | 55,45% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 23:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.28 20:12:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 21:30:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.05 17:04:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.01.12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.14 10:20:35 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2007.12.05 05:31:48 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.17 16:42:40 | 000,128,296 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.09.20 09:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.11 14:57:14 | 000,079,488 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Programme\CASIO\YouTube Uploader for CASIO\YStart.exe
PRC - [2007.05.22 17:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.04.26 15:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.27 21:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.02.09 21:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.01.24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.03.08 13:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.08 21:49:08 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.12.22 10:50:28 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007.10.17 16:42:42 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.10.17 16:42:30 | 000,636,200 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2007.06.22 14:59:36 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax
MOD - [2005.07.22 22:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 21:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.08 17:55:19 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.28 20:12:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.17 21:30:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.08.04 22:11:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.14 10:20:36 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.02 16:35:03 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.06.28 20:12:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 20:12:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 12:05:13 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.02.11 12:05:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.01.01 19:20:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.11.04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.11.04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2008.11.04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2008.11.04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2008.11.04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.11.04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2008.11.04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.03.06 11:42:14 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008.03.01 22:32:29 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.10.24 00:03:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007.06.26 14:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.25 21:42:16 | 000,045,696 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.30 22:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{528bcd12-8e45-4595-96dd-c92c3989c536}: C:\Program Files\WEB.DE\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2009.02.18 12:49:06 | 000,000,000 | ---D | M]
 
[2011.01.22 08:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Extensions
[2011.01.22 08:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.29 08:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Firefox\Profiles\cwflsnih.default\extensions
[2010.05.20 10:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mila\AppData\Roaming\mozilla\Firefox\Profiles\cwflsnih.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.25 15:57:09 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.09.29 08:22:21 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2011.05.17 21:47:48 | 000,002,289 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\searchplugins\ecosia.xml
[2012.09.08 17:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:55:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.07.04 13:31:06 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ecosia Class) - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_8\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" File not found
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [EPSON SX610FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [WEB.DE_WEB.DE MultiMessenger] C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE (WEB.DE GmbH)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O7 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Domains: die-maus.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mila\Documents\Bluetooth\Inbox\DSC00529.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mila\Documents\Bluetooth\Inbox\DSC00529.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.13 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.13 10:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.13 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\Mila\Documents\scans 2012-10-13
[2012.10.13 09:18:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.11 22:05:28 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.10.10 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2012.10.10 21:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 21:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 21:27:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 21:27:37 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.10.09 21:16:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.09 21:15:46 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.09 21:15:45 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.02 22:28:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.10.02 22:28:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.10.02 22:28:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.10.02 22:28:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.10.02 22:28:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.10.02 22:28:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.10.02 22:28:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.10.02 22:28:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.01.13 23:30:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB3F3.dll
[2008.05.04 08:15:06 | 000,333,360 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD_de.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.13 11:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.13 10:39:09 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.13 10:35:03 | 000,054,932 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\nvModes.001
[2012.10.13 10:34:05 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Mila.job
[2012.10.13 09:40:55 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Mila.job
[2012.10.13 09:40:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 09:40:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 09:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 09:40:22 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.13 09:39:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.11 22:37:07 | 000,034,539 | ---- | M] () -- C:\Users\Mila\Documents\log-daten.zip
[2012.10.11 07:08:13 | 240,381,084 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 23:16:45 | 000,000,000 | ---- | M] () -- C:\Users\Mila\defogger_reenable
[2012.10.10 21:27:41 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 21:18:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 21:18:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 21:18:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 21:18:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 20:51:05 | 000,054,932 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\nvModes.dat
[2012.10.10 20:00:05 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.10.09 21:04:35 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 21:04:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.03 17:05:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Mila.job
[2012.09.16 14:49:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.13 15:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files Created - No Company Name ==========
 
[2012.10.13 10:39:09 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.11 22:37:07 | 000,034,539 | ---- | C] () -- C:\Users\Mila\Documents\log-daten.zip
[2012.10.10 23:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Mila\defogger_reenable
[2012.10.10 21:27:41 | 000,000,664 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 20:40:40 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.03 11:31:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Mila.job
[2012.10.03 11:31:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Mila.job
[2012.10.03 11:31:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Mila.job
[2011.05.18 03:00:30 | 000,000,680 | ---- | C] () -- C:\Users\Mila\AppData\Local\d3d9caps.dat
[2009.12.30 00:44:52 | 000,015,043 | ---- | C] () -- C:\Users\Mila\Nola Note.nra
[2009.05.01 08:00:45 | 006,158,081 | ---- | C] () -- C:\Users\Mila\hannah.zip
[2009.01.01 19:21:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.07.30 10:29:20 | 000,000,052 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\Default.PLS
[2008.05.12 21:43:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2008.05.12 21:43:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008.05.12 21:43:54 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Soundtrack
[2008.05.12 21:42:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi
[2008.05.12 21:42:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008.05.12 21:42:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Smooth Strings
[2008.05.12 21:36:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambient
[2008.05.12 21:32:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2008.02.17 23:25:10 | 000,023,040 | ---- | C] () -- C:\Users\Mila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.23 15:33:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.22 10:27:15 | 000,054,932 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\nvModes.001
[2008.01.21 14:30:44 | 000,054,932 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\nvModes.dat
[2008.01.21 11:36:22 | 000,000,000 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\wklnhst.dat
[2008.01.21 11:28:46 | 000,000,092 | ---- | C] () -- C:\Users\Mila\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.08.06 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\CASIO
[2010.02.22 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Epson
[2008.01.28 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\FRITZ!
[2009.01.05 12:24:37 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\MAGIX
[2008.07.24 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Nikon
[2011.05.08 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\OpenOffice.org
[2008.01.21 12:04:31 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Sonavis
[2011.01.13 23:50:57 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Sony
[2011.01.22 08:15:06 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Thunderbird
[2010.05.07 15:05:51 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Uniblue
[2009.02.18 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\WEB.DE
[2009.06.28 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Zylom
[2008.01.22 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\BullGuard
[2011.08.06 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CASIO
[2011.04.03 11:09:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\elsterformular
[2010.02.15 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Epson
[2009.02.15 00:11:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fdrtools.com
[2008.10.25 01:11:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FRITZ!
[2009.06.21 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\HDRsoft
[2009.01.07 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MAGIX
[2008.05.12 21:47:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nikon
[2009.01.01 19:21:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Samsung
[2011.09.18 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sony
[2011.07.03 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2008.02.16 23:24:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >
         

--- --- ---


Extras.txt

[code]
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 13.10.2012 11:02:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mila\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,66% Memory free
4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 29,08 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,07 Gb Free Space | 50,34% Space Free | Partition Type: FAT32
Drive G: | 7,83 Gb Total Space | 4,34 Gb Free Space | 55,45% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A59C76D-73F6-4E7E-B5B0-06F9C9E1C6E4}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{2BBD9BA4-6E67-4E0A-9A81-8ABA97427837}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
"{64EF0BB4-3401-4476-8082-90509016B41F}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{733ABD76-C0F5-4510-9257-6CC8455FB1A8}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{9F220FCE-1F96-4568-B0E2-1DB05251A593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A418F797-B170-49F8-A372-E6164E436FDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB58D7F7-A9B0-4C2F-9C58-0B10F4359173}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{AD0D9DA2-FF5A-4910-AE0B-C757CF82D972}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9752B-9DD3-4069-A698-B04E5E186262}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{1DD7DAEF-83BE-4E20-B053-6FEFBF783DDB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{2A02593A-BD9F-4421-9BF1-E7E7F85D874F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{4835947E-590B-49D6-A4FF-78FC3F7C234D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{51C2AD37-5A70-42B1-B315-3B5767F1C83D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{6FCDD6A5-98BD-4351-8129-0574451946B4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{A1EA9846-CA11-46A1-8874-DA6DDBA933F7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{B99893F4-76E9-48BE-B806-E65F4BCD8180}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C61F6DE2-F581-4991-9A2F-97F82474FD12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C72DFEE3-95D1-4BAE-B471-EA25346F2BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{E8109299-6EDC-4EED-B15B-18AC6542B193}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E94A9A77-ACD3-4F90-85AA-A3051E3DF392}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"TCP Query User{14034B1A-3A00-469B-928E-7EEE9FAF5592}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
"TCP Query User{19B483B7-AFC8-49F7-B59B-46EB34785F14}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{226D9EEF-4426-4DDB-AE4F-9C49CA2B8DCC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{25D210B6-A4DD-40F7-BB8C-DE18F1B98FBC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{27568408-9A14-4481-A797-AFEBE6E00A3C}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{2F610EDA-539F-40D4-A8D2-EA7250F2867A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{46E7A500-BF87-42ED-AF80-208B55F568CF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{50568C6A-641F-4634-A059-61ADF2766F3A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{62BB7AD2-3D39-48BF-AA05-77F19723B1AE}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
"TCP Query User{7F203FA1-2C2E-4F3B-BCAF-AD87B8802119}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{AB147BC5-28ED-4F8B-8B08-D9B2C31A2FAF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{FAAC3C0A-1842-43FA-95AA-0628401E5922}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{1AF469CB-43EC-4803-99DB-CCAD1973BEF2}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{26BC2523-C7FA-44AB-8360-14D4E5CC89D3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{341E7C86-F7F5-42C2-A5B5-8482DCC9A8F1}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
"UDP Query User{3FCE6863-06E0-4C23-92E5-969D7CB27007}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3FD6C417-9866-4016-A02C-5A439FD0C33D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{410FD898-7B73-4CE8-8970-E539689F1FDB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{94171BB8-C80C-499C-8786-2F23FB0D0B85}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B7B9127A-66C4-41EC-850C-829953FCC08F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{C2196C68-4B9A-4F26-8DFF-28C6A0077103}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{CE4DF2FF-ED04-4554-B309-172EEAC65E15}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D0281651-DD80-4B90-B143-57320500AB64}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{F409A200-FEBF-4ACA-9754-C8034C09E5B6}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21D9DC24-7826-4007-B245-5FB80ED0F682}_is1" = Ecosia Plugin 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.007.01
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B85CF0F-DCFC-421A-A2D6-28D7CDE3C2E5}" = DC-Grundbaustatik
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91065458-A5CF-474C-9160-B44B974B3C25}" = MAGIX USB-Videowandler 2
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E6767A28-7782-4566-A730-4411AEACCE0B}" = DC-Bodenmechanik
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E90040E4-98E2-40C8-AAC9-1E7B768F1A65}" = YouTube Uploader for CASIO
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAEEDF71-A043-455A-B1F7-F11D570C71BA}" = FDRTools Basic 2.3.0beta1
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Capture NX" = Capture NX
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"Das Aquarium mit der Maus.scr" = Das Aquarium mit der Maus ScreenSaver
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX610FW_Office TX610FW_SX610FW Benutzerhandbuch" = Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch
"EPSON SX610FW Series" = EPSON SX610FW Series Printer Uninstall
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.50
"FRITZ!DSL" = AVM FRITZ!DSL
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{91065458-A5CF-474C-9160-B44B974B3C25}" = MAGIX USB-Videowandler 2
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"king.com" = king.com (remove only)
"MAGIX Filme auf DVD 8 D" = MAGIX Filme auf DVD 8 8.0.0.11 (D)
"MAGIX Foto Clinic 6 D" = MAGIX Foto Clinic 6 6.0.10.0 (D)
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotos auf CD & DVD 6.5 deluxe D" = MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.1.0 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"QuiltAssist" = QuiltAssistent
"RealPlayer 12.0" = RealPlayer
"RescuePRO-Deluxe" = RescuePRO Deluxe 4.0
"Saal Digital" = Saal Digital 
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"screensaver.scr" = screensaver
"SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVEpaDrv" = MAGIXUSB-Videowandler 2 Device Driver
"Update Service" = Update Service
"WEB.DE MultiMessenger" = WEB.DE MultiMessenger
"X10Hardware" = X10 Hardware(TM)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Ranch Rush Deluxe" = Ranch Rush Deluxe
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2012 01:51:02 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.03.2012 01:51:04 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2012 13:43:44 | Computer Name = Stefan-PC | Source = Windows Search Service | ID = 3024
Description = 
 
Error - 14.03.2012 08:41:01 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.03.2012 03:12:08 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.03.2012 03:28:23 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.03.2012 15:51:29 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.03.2012 16:25:42 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 01.05.2012 05:57:26 | Computer Name = Stefan-PC | Source = Application Hang | ID = 1002
Description = Programm E_FARNFJE.EXE, Version 5.0.5.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5f4  Anfangszeit: 01cd278041b599d0  Zeitpunkt der Beendigung:
 7
 
Error - 01.05.2012 06:03:16 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 01.05.2012 07:35:48 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
[ Media Center Events ]
Error - 04.02.2008 11:57:56 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 08.03.2008 09:46:07 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 25.03.2008 16:02:02 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 30.03.2008 13:47:24 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 30.03.2008 13:47:26 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 21.08.2008 02:51:12 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 18.06.2009 15:51:58 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
[ System Events ]
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 16:11:41 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 03:09:47 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 03:42:00 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 04:40:04 | Computer Name = Stefan-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

--- --- ---


Viele Grüße,
Stefan

Hallo Kira,

vielen Dank für die schnelle Antwort!!

anbei die dieversen log-files.

zu 1.) Fixen mit OTL

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ccbd4b-1f55-11e0-95aa-001060d01286}\ not found.
File G:\Startme.exe not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\ProgramData\cstsm.pad not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\ProgramData\cstsm.pad not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mila\Downloads\cmd.bat deleted successfully.
C:\Users\Mila\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mila
->Temp folder emptied: 71696 bytes
->Temporary Internet Files folder emptied: 1321207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 228263855 bytes
RecycleBin emptied: 9780139836 bytes
 
Total Files Cleaned = 9.546,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_093802

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET90BA.tmp not found!
C:\Windows\temp\JETBC2E.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

zu 2.) Virenscans

Scan 2012-10-10

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mila :: STEFAN-PC [Administrator]

Schutz: Aktiviert

10.10.2012 22:38:10
mbam-log-2012-10-10 (22-38-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233871
Laufzeit: 11 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4216 -> Löschen bei Neustart.
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4784 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\Stefan\AppData\Local\Temp\mstsc.dll (Trojan.Ransom) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Stefan\AppData\Local\Temp\mstsc.dll (Trojan.Ransom) -> Löschen bei Neustart.
C:\$RECYCLE.BIN\S-1-5-21-467133875-3664071592-3944233276-1003\$RGU3LON.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart.
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Scan 2012-10-13

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.11.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mila :: STEFAN-PC [Administrator]

Schutz: Aktiviert

13.10.2012 10:42:58
mbam-log-2012-10-13 (10-42-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223694
Laufzeit: 6 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

zu 3.) Programmliste

Code: Alles auswählenAufklappen

ATTFilter

ABBYY FineReader 6.0 Sprint	ABBYY Software House	14.02.2010	119MB	6.00.1395.4512
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	20.01.2008	13,5MB	
Adobe Color Common Settings	Adobe Systems Incorporated	11.11.2008		1.0.1
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen	Adobe Systems Incorporated	04.08.2008		1.0
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	11.11.2008	14,5MB	2.0.2
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	12.01.2011		10.0.22.87
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.10.2012		11.4.402.287
Adobe Photoshop 7.0.1	Adobe Systems, Inc.	31.08.2008	1,61GB	7.0
Adobe Reader 8.1.3 - Deutsch	Adobe Systems Incorporated	17.01.2009	99,8MB	8.1.3
Adobe Reader 8.2.0 - Deutsch	Adobe Systems Incorporated	09.09.2010	101MB	8.2.0
Adobe Shockwave Player 11	Adobe Systems, Inc.	07.10.2008		11
ALDI Foto Manager Free Sued	MAGIX AG	08.12.2007	51,6MB	3.4.0.466
AMR to MP3 Converter 1.4	amrtomp3converter.com	10.12.2010	6,66MB	
Avira AntiVir Personal - Free Antivirus	Avira GmbH	27.02.2012	62,0MB	10.2.0.707
AVM FRITZ!DSL		25.01.2008	8,70MB	
Bluetooth Stack for Windows by Toshiba		02.12.2007	56,2MB	v5.10.14
Capture NX	NIKON CORPORATION	12.05.2008	19,6MB	1.3.0
CCleaner	Piriform	24.09.2012	4,86MB	3.23
Compatibility Pack für 2007 Office System	Microsoft Corporation	10.10.2012	110MB	12.0.6612.1000
Corel Applications		13.04.2008		
CyberLink Power2Go	CyberLink Corp.	06.12.2007	124MB	6.0.1109a
CyberLink YouCam	CyberLink Corp.	06.12.2007	38,5MB	1.00.0000
Das Aquarium mit der Maus ScreenSaver		27.01.2008		
DC-Bodenmechanik	DC-Software Doster & Christmann GmbH	05.11.2008	122MB	2.1.4
DC-Grundbaustatik	DC-Software Doster & Christmann GmbH	05.11.2008	143MB	2.4.8
DVD Shrink 3.2	DVD Shrink	07.05.2010	992KB	
Ecosia Plugin 1.0	Ecosia	04.06.2010	1,05MB	
ElsterFormular für Privatanwender	Landesfinanzdirektion Thüringen	03.04.2011	143MB	12.1.1.6214p
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	14.02.2010	98,8MB	2.1.0.0
Epson Event Manager	SEIKO EPSON Corporation	14.02.2010	19,9MB	2.30.00
Epson FAX Utility	SEIKO EPSON CORPORATION	14.02.2010	22,8MB	1.00.000
Epson PC-FAX Driver		14.02.2010		
Epson Printer Software Downloader		14.02.2010		
EPSON Scan		14.02.2010	16,8MB	
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch		14.02.2010	9,15MB	
EPSON SX610FW Series Printer Uninstall	SEIKO EPSON Corporation	14.02.2010		
EpsonNet Print	SEIKO EPSON CORPORATION	14.02.2010	4,30MB	2.4i
EpsonNet Setup	SEIKO EPSON CORPORATION	14.02.2010	16,0MB	3.1a
FDRTools Basic 2.3.0beta1	AGS Technik	13.02.2009	23,1MB	2.3.0
Firebird SQL Server - MAGIX Edition	MAGIX AG	05.08.2008	6,56MB	2.0.1.13
FormatFactory 2.50	Free Time	03.11.2010	114MB	2.50
Genesys PC Camera Device	Genesys	29.11.2007	744KB	0.1.0.0
Google Chrome	Google Inc.	04.01.2010	157MB	22.0.1229.94
Google Desktop	Google	20.01.2008	7,91MB	-
Google Earth	Google	10.12.2011	92,7MB	6.1.0.5001
Google Toolbar for Internet Explorer	Google Inc.	29.09.2012	11,9MB	7.4.3230.2052
Google Updater	Google Inc.	10.12.2011	3,41MB	2.4.2432.1652
Intel(R) Matrix Storage Manager		20.01.2008	3,77MB	
Java(TM) 6 Update 26	Oracle	08.05.2011	97,0MB	6.0.260
Java(TM) 6 Update 3	Sun Microsystems, Inc.	03.12.2007	168MB	1.6.0.30
king.com (remove only)	Midasplayer Ltd (king.com)	20.01.2008		
Letstrade	Buhl Data Service	03.12.2007	25,9MB	1.00.0000
MAGIX Filme auf DVD 8 8.0.0.11 (D)	MAGIX AG	04.01.2009	301MB	8.0.0.11
MAGIX Foto Clinic 6 6.0.10.0 (D)	MAGIX AG	29.02.2008	18,9MB	6.0.10.0
MAGIX Foto Manager 2008 5.0.0.255 (D)	MAGIX AG	05.08.2008	112MB	5.0.0.255
MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D)	MAGIX AG	29.02.2008	283MB	6.5.0.21
MAGIX Goya burnR 2.3.1.3 (D)	MAGIX AG	29.02.2008	28,6MB	2.3.1.3
MAGIX Music Cleaning Lab 2008 deluxe 9.0.1.0 (D)	MAGIX AG	05.08.2008	292MB	9.0.1.0
MAGIX Music Manager 2007 8.1.1.108 (D)	MAGIX AG	29.02.2008	63,0MB	8.1.1.108
MAGIX Online Druck Service 3.4.3.0 (D)	MAGIX AG	04.01.2009	9,35MB	3.4.3.0
MAGIX PC Visit	MAGIX AG	05.08.2008	1,68MB	4.3.6.1987
MAGIX USB-Videowandler 2	MAGIX	04.01.2009	7,86MB	1.00.0000
MAGIXUSB-Videowandler 2 Device Driver		04.01.2009		
MakeDisc	CyberLink Corp.	20.01.2008	101MB	3.0.2320
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	10.10.2012	12,7MB	1.65.0.1400
McAfee Security Scan Plus	McAfee, Inc.	04.10.2010	9,52MB	2.0.181.2
Media Go	Sony	12.01.2011	74,5MB	1.0.373
MediaShow	CyberLink Corporation	20.01.2008	33,0MB	3.0.4325
MEDION Fotos auf CD Sued	MAGIX AG	08.12.2007	649MB	6.0.2.0
MEDIONbox	Medion	03.12.2007	26,9MB	1.09.0000.00052
Mein CEWE FOTOBUCH		10.03.2010	170MB	
Microsoft .NET Framework 1.1		22.10.2011		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	27.08.2009	36,9MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	17.08.2009	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	12.02.2011	120MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	12.02.2011	24,5MB	4.0.30319
Microsoft Office FrontPage 2003	Microsoft Corporation	05.09.2012	204MB	11.0.8173.0
Microsoft Office Professional Edition 2003	Microsoft Corporation	10.10.2012	653MB	11.0.8173.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	30.07.2009	251KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.06.2011	294KB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	30.07.2009	199KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	10.03.2010	624KB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	03.04.2011	233KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.03.2009	589KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	20.01.2011	589KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	22.06.2011	594KB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	10.10.2012	378MB	9.7.0621
Mozilla Firefox 15.0 (x86 de)	Mozilla	30.08.2012	40,1MB	15.0
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	09.09.2012	40,1MB	15.0.1
Mozilla Maintenance Service	Mozilla	09.09.2012	216KB	15.0.1
Mozilla Thunderbird (3.1.20)	Mozilla	30.08.2012	33,5MB	3.1.20 (de)
MSXML 4.0 SP2 (KB925672)	Microsoft Corporation	02.12.2007	1,23MB	4.20.9839.0
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	02.12.2007	1,23MB	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	02.12.2007	1,26MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	02.12.2007	1,26MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	13.11.2008	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	05.12.2009	1,33MB	4.20.9876.0
Mufin MusicFinder Base 1.5.3.255 (D)	MAGIX AG	04.01.2009	43,2MB	1.5.3.255
Nero 8 Essentials	Nero AG	03.12.2007	1,82GB	8.10.284
Nikon RAW Codec	Nikon	07.07.2008	3,91MB	1.00.0000
Nikon Transfer	Nikon	12.05.2008	45,8MB	1.0.1
Norton Security Scan	Symantec Corporation	20.03.2008	6,27MB	1.4.0
Norton Security Scan	Symantec Corporation	21.05.2010	10,6MB	2.7.3.34
NVIDIA Drivers		20.08.2008		
OpenOffice.org 3.3	OpenOffice.org	08.05.2011	412MB	3.3.9567
Photomatix Pro version 3.1.3	HDRsoft Sarl	21.06.2009	10,9MB	3.1.3
PhotoNow!	CyberLink Corp.	20.01.2008	1,59MB	1.0.4310
Picture Control Utility	Nikon	12.05.2008	28,0MB	1.0.2
PowerDirector	CyberLink Corp.	06.12.2007	230MB	6.5.2209a
PowerDVD	CyberLink Corporation	20.01.2008	87,2MB	7.0.3118.0
PowerProducer	CyberLink Corp.	20.01.2008	190MB	4.2.2219
QuickTime	Apple Inc.	12.05.2008	74,0MB	7.2.0.240
QuiltAssistent		20.05.2010	2,72MB	
Ralink Wireless LAN	RaLink	06.12.2007	1,85MB	1.00.0000
Ranch Rush Deluxe	Zylom Games	18.02.2009	170MB	1.0.0
RealPlayer	RealNetworks	04.01.2010	67,7MB	
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista	Realtek	02.12.2007	648KB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.12.2007	15,7MB	6.0.1.5523
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	02.12.2007	2,97MB	
RescuePRO Deluxe 4.0		18.05.2008	55,9MB	
Saal Digital	Silverwire Software AG	18.01.2009		
SAMSUNG Mobile Composite Device Software		31.12.2008		
SAMSUNG Mobile Modem Driver Set		31.12.2008		
Samsung Mobile phone USB driver Software		31.12.2008		
SAMSUNG Mobile USB Modem 1.0 Software		31.12.2008		
SAMSUNG Mobile USB Modem Software		31.12.2008		
Samsung PC Studio 3	Samsung Electronics Co., Ltd.	31.12.2008	190MB	3.2.2.80705
Samsung PC Studio 3 USB Driver Installer	Samsung Electronics Co., Ltd.	31.12.2008	190MB	3.2.0.70701
Sceneo AbsolutTV		20.01.2008	4,79MB	
screensaver		29.01.2008		
SereneScreen Marine Aquarium 2.6	Prolific Publishing, Inc.	29.01.2008	684KB	2.6
Skype™ 5.10	Skype Technologies S.A.	07.09.2012	19,4MB	5.10.116
Sony Ericsson Media Manager 1.1	Sony Ericsson	05.11.2008	62,4MB	1.1.550
Sony Ericsson PC Suite 5.007.01	Sony Ericsson	12.01.2011	36,8MB	5.007.01
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	31.10.2010	32,5MB	8.0.0
Synaptics Pointing Device Driver	Synaptics	02.12.2007	12,8MB	9.1.10.0
TVsweeper 3	Sonavis	03.12.2007	4,11MB	3.0.3
Ulead PhotoImpact 12	Ulead System	20.01.2008	389MB	12.0
Update Service	Sony Ericsson Mobile Communications AB	10.02.2009	162MB	2.9.2.12
ViewNX	Nikon	12.05.2008	26,5MB	1.0.1
WEB.DE MultiMessenger	WEB.DE GmbH	27.04.2009	30,0MB	3.70.2806
Windows Media Player Firefox Plugin	Microsoft Corp	11.05.2009	296KB	1.0.0.8
WISO Mein Geld 2008 Professional	Buhl Data Service GmbH	03.12.2007	167MB	9.00.01.0023
X10 Hardware(TM)		20.01.2008	28,0KB	
YouTube Uploader for CASIO	CASIO COMPUTER CO., LTD.	11.07.2011	2,31MB	1.0.1.0
Zylom Games Player Plugin	Zylom Games	12.06.2008
         

zu 4.) erneuter OTL-Scan

OTL.txt

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 13.10.2012 11:02:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mila\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,66% Memory free
4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 29,08 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,07 Gb Free Space | 50,34% Space Free | Partition Type: FAT32
Drive G: | 7,83 Gb Total Space | 4,34 Gb Free Space | 55,45% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 23:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.28 20:12:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 21:30:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.05 17:04:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.01.12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.14 10:20:35 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2007.12.05 05:31:48 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.17 16:42:40 | 000,128,296 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.09.20 09:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.11 14:57:14 | 000,079,488 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Programme\CASIO\YouTube Uploader for CASIO\YStart.exe
PRC - [2007.05.22 17:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.04.26 15:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.27 21:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.02.09 21:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.01.24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.03.08 13:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.08 21:49:08 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.12.22 10:50:28 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007.10.17 16:42:42 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
MOD - [2007.10.17 16:42:30 | 000,636,200 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2007.06.22 14:59:36 | 000,077,824 | ---- | M] () -- C:\Windows\System32\glspef.ax
MOD - [2005.07.22 22:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 21:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.08 17:55:19 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.28 20:12:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.17 21:30:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.08.04 22:11:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.14 10:20:36 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.02 16:35:03 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.06.28 20:12:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 20:12:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 12:05:13 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.02.11 12:05:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.01.01 19:20:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.11.04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.11.04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2008.11.04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2008.11.04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2008.11.04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.11.04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2008.11.04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.03.06 11:42:14 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008.03.01 22:32:29 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.10.24 00:03:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007.06.26 14:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.25 21:42:16 | 000,045,696 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.30 22:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{528bcd12-8e45-4595-96dd-c92c3989c536}: C:\Program Files\WEB.DE\WEB.DE MultiMessenger\ThunderbirdSyncProxy [2009.02.18 12:49:06 | 000,000,000 | ---D | M]
 
[2011.01.22 08:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Extensions
[2011.01.22 08:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.29 08:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\Firefox\Profiles\cwflsnih.default\extensions
[2010.05.20 10:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mila\AppData\Roaming\mozilla\Firefox\Profiles\cwflsnih.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.25 15:57:09 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.09.29 08:22:21 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2011.05.17 21:47:48 | 000,002,289 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\mozilla\firefox\profiles\cwflsnih.default\searchplugins\ecosia.xml
[2012.09.08 17:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:55:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.07.04 13:31:06 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ecosia Class) - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_8\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" File not found
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [EPSON SX610FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [WEB.DE_WEB.DE MultiMessenger] C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE (WEB.DE GmbH)
O4 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O7 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Domains: die-maus.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-467133875-3664071592-3944233276-1003\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mila\Documents\Bluetooth\Inbox\DSC00529.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mila\Documents\Bluetooth\Inbox\DSC00529.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.13 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.13 10:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.13 09:43:36 | 000,000,000 | ---D | C] -- C:\Users\Mila\Documents\scans 2012-10-13
[2012.10.13 09:18:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.11 22:05:28 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.10.10 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2012.10.10 21:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 21:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 21:27:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 21:27:37 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.10.09 21:16:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.09 21:15:46 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.09 21:15:45 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.02 22:28:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.10.02 22:28:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.10.02 22:28:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.10.02 22:28:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.10.02 22:28:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.10.02 22:28:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.10.02 22:28:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.10.02 22:28:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.01.13 23:30:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB3F3.dll
[2008.05.04 08:15:06 | 000,333,360 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD_de.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.13 11:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.13 10:39:09 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.13 10:35:03 | 000,054,932 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\nvModes.001
[2012.10.13 10:34:05 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Mila.job
[2012.10.13 09:40:55 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Mila.job
[2012.10.13 09:40:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 09:40:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 09:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 09:40:22 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.13 09:39:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.11 22:37:07 | 000,034,539 | ---- | M] () -- C:\Users\Mila\Documents\log-daten.zip
[2012.10.11 07:08:13 | 240,381,084 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 23:16:45 | 000,000,000 | ---- | M] () -- C:\Users\Mila\defogger_reenable
[2012.10.10 21:27:41 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 21:18:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 21:18:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 21:18:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 21:18:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 20:51:05 | 000,054,932 | ---- | M] () -- C:\Users\Mila\AppData\Roaming\nvModes.dat
[2012.10.10 20:00:05 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.10.09 21:04:35 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 21:04:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.03 17:05:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Mila.job
[2012.09.16 14:49:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.13 15:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files Created - No Company Name ==========
 
[2012.10.13 10:39:09 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.11 22:37:07 | 000,034,539 | ---- | C] () -- C:\Users\Mila\Documents\log-daten.zip
[2012.10.10 23:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Mila\defogger_reenable
[2012.10.10 21:27:41 | 000,000,664 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 20:40:40 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.03 11:31:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Mila.job
[2012.10.03 11:31:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Mila.job
[2012.10.03 11:31:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Mila.job
[2011.05.18 03:00:30 | 000,000,680 | ---- | C] () -- C:\Users\Mila\AppData\Local\d3d9caps.dat
[2009.12.30 00:44:52 | 000,015,043 | ---- | C] () -- C:\Users\Mila\Nola Note.nra
[2009.05.01 08:00:45 | 006,158,081 | ---- | C] () -- C:\Users\Mila\hannah.zip
[2009.01.01 19:21:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.07.30 10:29:20 | 000,000,052 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\Default.PLS
[2008.05.12 21:43:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2008.05.12 21:43:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008.05.12 21:43:54 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Soundtrack
[2008.05.12 21:42:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi
[2008.05.12 21:42:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008.05.12 21:42:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Smooth Strings
[2008.05.12 21:36:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambient
[2008.05.12 21:32:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2008.02.17 23:25:10 | 000,023,040 | ---- | C] () -- C:\Users\Mila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.23 15:33:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.22 10:27:15 | 000,054,932 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\nvModes.001
[2008.01.21 14:30:44 | 000,054,932 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\nvModes.dat
[2008.01.21 11:36:22 | 000,000,000 | ---- | C] () -- C:\Users\Mila\AppData\Roaming\wklnhst.dat
[2008.01.21 11:28:46 | 000,000,092 | ---- | C] () -- C:\Users\Mila\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.08.06 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\CASIO
[2010.02.22 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Epson
[2008.01.28 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\FRITZ!
[2009.01.05 12:24:37 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\MAGIX
[2008.07.24 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Nikon
[2011.05.08 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\OpenOffice.org
[2008.01.21 12:04:31 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Sonavis
[2011.01.13 23:50:57 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Sony
[2011.01.22 08:15:06 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Thunderbird
[2010.05.07 15:05:51 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Uniblue
[2009.02.18 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\WEB.DE
[2009.06.28 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Zylom
[2008.01.22 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\BullGuard
[2011.08.06 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CASIO
[2011.04.03 11:09:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\elsterformular
[2010.02.15 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Epson
[2009.02.15 00:11:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fdrtools.com
[2008.10.25 01:11:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FRITZ!
[2009.06.21 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\HDRsoft
[2009.01.07 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MAGIX
[2008.05.12 21:47:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nikon
[2009.01.01 19:21:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Samsung
[2011.09.18 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sony
[2011.07.03 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2008.02.16 23:24:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >
         

Extas.txt

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 13.10.2012 11:02:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mila\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,66% Memory free
4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 29,08 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,07 Gb Free Space | 50,34% Space Free | Partition Type: FAT32
Drive G: | 7,83 Gb Total Space | 4,34 Gb Free Space | 55,45% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A59C76D-73F6-4E7E-B5B0-06F9C9E1C6E4}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{2BBD9BA4-6E67-4E0A-9A81-8ABA97427837}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
"{64EF0BB4-3401-4476-8082-90509016B41F}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{733ABD76-C0F5-4510-9257-6CC8455FB1A8}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{9F220FCE-1F96-4568-B0E2-1DB05251A593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A418F797-B170-49F8-A372-E6164E436FDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB58D7F7-A9B0-4C2F-9C58-0B10F4359173}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{AD0D9DA2-FF5A-4910-AE0B-C757CF82D972}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9752B-9DD3-4069-A698-B04E5E186262}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{1DD7DAEF-83BE-4E20-B053-6FEFBF783DDB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{2A02593A-BD9F-4421-9BF1-E7E7F85D874F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{4835947E-590B-49D6-A4FF-78FC3F7C234D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{51C2AD37-5A70-42B1-B315-3B5767F1C83D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{6FCDD6A5-98BD-4351-8129-0574451946B4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{A1EA9846-CA11-46A1-8874-DA6DDBA933F7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{B99893F4-76E9-48BE-B806-E65F4BCD8180}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C61F6DE2-F581-4991-9A2F-97F82474FD12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C72DFEE3-95D1-4BAE-B471-EA25346F2BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{E8109299-6EDC-4EED-B15B-18AC6542B193}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E94A9A77-ACD3-4F90-85AA-A3051E3DF392}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"TCP Query User{14034B1A-3A00-469B-928E-7EEE9FAF5592}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
"TCP Query User{19B483B7-AFC8-49F7-B59B-46EB34785F14}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{226D9EEF-4426-4DDB-AE4F-9C49CA2B8DCC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{25D210B6-A4DD-40F7-BB8C-DE18F1B98FBC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{27568408-9A14-4481-A797-AFEBE6E00A3C}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{2F610EDA-539F-40D4-A8D2-EA7250F2867A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{46E7A500-BF87-42ED-AF80-208B55F568CF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{50568C6A-641F-4634-A059-61ADF2766F3A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{62BB7AD2-3D39-48BF-AA05-77F19723B1AE}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
"TCP Query User{7F203FA1-2C2E-4F3B-BCAF-AD87B8802119}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{AB147BC5-28ED-4F8B-8B08-D9B2C31A2FAF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{FAAC3C0A-1842-43FA-95AA-0628401E5922}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{1AF469CB-43EC-4803-99DB-CCAD1973BEF2}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{26BC2523-C7FA-44AB-8360-14D4E5CC89D3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{341E7C86-F7F5-42C2-A5B5-8482DCC9A8F1}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
"UDP Query User{3FCE6863-06E0-4C23-92E5-969D7CB27007}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3FD6C417-9866-4016-A02C-5A439FD0C33D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{410FD898-7B73-4CE8-8970-E539689F1FDB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{94171BB8-C80C-499C-8786-2F23FB0D0B85}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B7B9127A-66C4-41EC-850C-829953FCC08F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{C2196C68-4B9A-4F26-8DFF-28C6A0077103}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{CE4DF2FF-ED04-4554-B309-172EEAC65E15}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D0281651-DD80-4B90-B143-57320500AB64}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{F409A200-FEBF-4ACA-9754-C8034C09E5B6}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21D9DC24-7826-4007-B245-5FB80ED0F682}_is1" = Ecosia Plugin 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.007.01
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B85CF0F-DCFC-421A-A2D6-28D7CDE3C2E5}" = DC-Grundbaustatik
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91065458-A5CF-474C-9160-B44B974B3C25}" = MAGIX USB-Videowandler 2
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E6767A28-7782-4566-A730-4411AEACCE0B}" = DC-Bodenmechanik
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E90040E4-98E2-40C8-AAC9-1E7B768F1A65}" = YouTube Uploader for CASIO
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAEEDF71-A043-455A-B1F7-F11D570C71BA}" = FDRTools Basic 2.3.0beta1
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Capture NX" = Capture NX
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"Das Aquarium mit der Maus.scr" = Das Aquarium mit der Maus ScreenSaver
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX610FW_Office TX610FW_SX610FW Benutzerhandbuch" = Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch
"EPSON SX610FW Series" = EPSON SX610FW Series Printer Uninstall
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.50
"FRITZ!DSL" = AVM FRITZ!DSL
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{91065458-A5CF-474C-9160-B44B974B3C25}" = MAGIX USB-Videowandler 2
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"king.com" = king.com (remove only)
"MAGIX Filme auf DVD 8 D" = MAGIX Filme auf DVD 8 8.0.0.11 (D)
"MAGIX Foto Clinic 6 D" = MAGIX Foto Clinic 6 6.0.10.0 (D)
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotos auf CD & DVD 6.5 deluxe D" = MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.1.0 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"QuiltAssist" = QuiltAssistent
"RealPlayer 12.0" = RealPlayer
"RescuePRO-Deluxe" = RescuePRO Deluxe 4.0
"Saal Digital" = Saal Digital 
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"screensaver.scr" = screensaver
"SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVEpaDrv" = MAGIXUSB-Videowandler 2 Device Driver
"Update Service" = Update Service
"WEB.DE MultiMessenger" = WEB.DE MultiMessenger
"X10Hardware" = X10 Hardware(TM)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-467133875-3664071592-3944233276-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Ranch Rush Deluxe" = Ranch Rush Deluxe
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2012 01:51:02 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.03.2012 01:51:04 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2012 13:43:44 | Computer Name = Stefan-PC | Source = Windows Search Service | ID = 3024
Description = 
 
Error - 14.03.2012 08:41:01 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.03.2012 03:12:08 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.03.2012 03:28:23 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.03.2012 15:51:29 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.03.2012 16:25:42 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 01.05.2012 05:57:26 | Computer Name = Stefan-PC | Source = Application Hang | ID = 1002
Description = Programm E_FARNFJE.EXE, Version 5.0.5.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5f4  Anfangszeit: 01cd278041b599d0  Zeitpunkt der Beendigung:
 7
 
Error - 01.05.2012 06:03:16 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 01.05.2012 07:35:48 | Computer Name = Stefan-PC | Source = EventSystem | ID = 4609
Description = 
 
[ Media Center Events ]
Error - 04.02.2008 11:57:56 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 08.03.2008 09:46:07 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 25.03.2008 16:02:02 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 30.03.2008 13:47:24 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 30.03.2008 13:47:26 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 21.08.2008 02:51:12 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 18.06.2009 15:51:58 | Computer Name = Stefan-PC | Source = ehRecvr | ID = 4
Description = 
 
[ System Events ]
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 15:55:23 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 11.10.2012 16:11:41 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 03:09:47 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 03:42:00 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 04:40:04 | Computer Name = Stefan-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

Nochmals vielen Dank und viele Grüße,
Stefan

Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:

Code: Alles auswählenAufklappen

ATTFilter

McAfee Security Scan Plus
vermutlich über Adobe (Flash Player) auf dem rechner gelandet!
         

obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation aus dem Internet bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

2.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 7 - von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!
Tipp: -> Java-Updates konfigurieren

3.
Aktualisieren: Alte Version deinstallieren und neue herunterladen:-> -> Firefox Kostenloser Download

Code: Alles auswählenAufklappen

ATTFilter

Mozilla Thunderbird
         

aber Achtung!:
bei Bedarf, vorher für dich wichtige (Benutzerdefinierte) Einstellungen zu speichern:-> Mozilla Firefox Backup erstellen
Info:-> Firefox auf die letzte Version aktualisieren

4.
Aktualisieren:

Code: Alles auswählenAufklappen

ATTFilter

OpenOffice.org
         

5.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

6.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:

• "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
• "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
• Starte dein System neu auf

7.
Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während der Online-Scans deaktivieren:
  Anti-Virus-Programm und Firewall.
• Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
• unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
  Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
• Während der Online-Scans auf andere Online-Aktivitäten verzichten.
• Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.
• 
  
  .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!

• Eset Online Scanner (NOD32)
  • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
  • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button "ESET Online Scanner" drücken.
  • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
  • Einen Haken bei "Remove found threads" und "Scan archives" machen.
  • Start drücken.
  • Signaturen werden heruntergeladen.
  • Der Scan beginnt automatisch.
  • Wenn fertig, das Protokoll speichern und mir posten.
    -> List of found threats
    -> Export to text file
    -> Back
    -> Delete quarantäne files
  • Finish drücken.
  • Browser schließen.
  • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Hallo Kira,

ich habe alle Schritte durchgeführt. Anbei das Scanprotokoll.

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\Mila\Downloads\registrybooster.exe	a variant of Win32/RegistryBooster application	cleaned by deleting - quarantined
         

Ansonsten scheint der Rechner gut zu funktionieren, ich konnte jedenfalls bisher keine weiteren Probleme feststellen.

Nochmal vilen Dank für Deine Hilfe!

Viele Grüße,
Stefan

** Lass dein System in der nächste Zeit noch unter Beobachtung!
wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes:

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code: Alles auswählenAufklappen

ATTFilter

CCleaner
         

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

• Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
• Speichere es auf Deinem Desktop.
• Doppelklick auf OTL.exe um das Programm auszuführen.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Klicke auf den Button "Bereinigung"
• OTL fragt eventuell nach einem Neustart.
  Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

• *Systemwiederherstellung deaktivieren: Windows 7 und Vista*
• PC runterfahren
• wieder einschalten
• Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
-> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt

Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!

Zitat:

Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!

• Wie erstelle ich ein eingeschränktes Benutzerkonto?
• Software immer auf dem neuesten Stand halten!:
  ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
• Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox
• Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
  - Unbekannten E-Mail-Anhang NICHT öffnen!
  - Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
• Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
  auch noch hier unter: Sicheres Kennwort (Password)
  Die fünf häufigsten Passwort-Fehler
• "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
  Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Während der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
  so wird oft Art von Adware/Spyware mitinstalliert!
• NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
• Programme und Treiber:
  Nur vom Hersteller!
• Onlinebanking:
  Gib deine Passwörter niemals preis!
  Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
• Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
  Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
• Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!
• Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
• Webseiten ohne Gültiges Impressum nicht besuchen
  - Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
• Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
  Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse.
  ► Ausserdem machst Du dich damit strafbar!
• Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
  Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
• Virenscanner
• BSI für Bürger
• SETI@home - [Sicherheit] Sicherheitskonzept

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

• Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
• hier nachlesen und hier microsoft.com
• Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
• Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
• Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
  -> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira