Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Tastaturprobleme Win7 (https://www.trojaner-board.de/94698-tastaturprobleme-win7.html)

MikeJ 13.01.2011 09:36
Tastaturprobleme Win7
 
Hallo zusammen,

ich habe seit einigen Tagen das Problem, dass meine Tastatur zwischendurch mal "spinnt". Das macht sich so bemerkbar, dass so alle 20 min einfach mal groß geschrieben wird - dies kann ich durch drücken der Shift-Taste wieder beheben. ein Anderes mal sieht es aus, als wäre die Windows-Taste gedrückt (wenn ich D-drücke wird das Desktop geräumt und mit L der PC gesperrt). Wieder ein anderes mal werden Buchstaben doppelt ausgegeben und manchmal gehen in bestimmten Programmen die Tasten C,V und H nicht (aber immer diese drei).
Ich benutze ein Dell-Notebook Precision M6400 mit Win 7 64Bit. Angeschlossen daran ein Wirless-Desktop von Logitech. Da ich bereits Fehler in der Hardware vermutet habe, wurde bereits folgendes getauscht:
  • Externe Logitech-Tastatur
  • Interne Notebook-Tastatur
  • Mainboard
Das Problem taucht auch auf, wenn ich am Notebook direkt arbeite - also nicht mit der externen Tastatur. Kompl. neu installiert habe ich den Rechner auch schon, aber der Fehler kommt irgendwann wieder (hatte jetzt ca 6 Monate ruhe). Mein Virenscanner (AntiVir) kann auch nichts finden.

PS: gegoogelt habe ich natürlich auch - aber entweder finde ich Beiträge die dann doch ein Hardwareproblem aufzeigen, oder es sind solche bei denen sich der Fragesteller dann nicht mehr meldet, wenn er das Problem gelöst hat...


Würde mich freuen, wenn mir jemand helfen könnte...
Viele Grüße
Mike

cosinus 13.01.2011 11:03
Hallo und :hallo:

Zitat:
dass so alle 20 min einfach mal groß geschrieben wird
Ist das betriebssystemunabhängig? Wie verhält sich die Tastatur wenn du mal ein Live-Linux wie Ubuntu (im Ausprobiermodus) oder Knoppix bootest?

MikeJ 19.01.2011 20:18
Hi,

bin erst jetzt mal zum Testen gekommen: Das problem scheint nur bei Windows zu bestehen, zumindest konnte ich jetzt bei Ubuntu nichts dergleichen feststellen.
Ich glaube auch nicht, dass es an der Hardware liegt, da
a) fast alles schon getauscht wurde
b) manchmal tasten gesperrt werden (immer C,V und H); dies aber auch nur in bestimmten Programmen und nie gleichzeitig -> Es ist mal im Firefox, mal in Excel oder UltraEdit und heute hatte ich es auch mal im VisualStudio.

Man merkt auch, dass mit der Maus was nicht stimmt: wenn ich versuche einen Text zu markieren, hört die Markierung plötzlich zwischendurch auf, so als würde ich die Maustaste beim Ziehen kurz loslassen.

Gruß Mike

cosinus 19.01.2011 21:11
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

MikeJ 20.01.2011 13:43
So, alles ausgeführt! :-)

Hier der Malwarebytes-Bericht:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5558

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.01.2011 10:10:15
mbam-log-2011-01-20 (10-10-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 644930
Laufzeit: 1 Stunde(n), 17 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Hier der OTL Bericht:OTL Logfile:
Code:
OTL logfile created on: 20.01.2011 13:29:44 - Run 1
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\**meinName**\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 67,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 53,78 Gb Free Space | 26,89% Space Free | Partition Type: NTFS
Drive D: | 160,00 Gb Total Space | 74,26 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
Drive E: | 236,08 Gb Total Space | 222,83 Gb Free Space | 94,39% Space Free | Partition Type: NTFS
 
Computer Name: M6400 | User Name: **meinName** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\**meinName**\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NetSetMan\netsetman.exe (Ilja Herlein)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\Ericsson\Wireless Manager\WirelessManager.exe ()
PRC - C:\Program Files (x86)\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\**meinName**\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV:64bit: - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV:64bit: - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV:64bit: - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV:64bit: - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (RobNetScanHost) -- C:\Program Files (x86)\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe (ABB)
SRV - (RobComCtrlServer) -- C:\Program Files (x86)\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe (ABB)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) Logitech Webcam 250(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (dlsusb) -- C:\Windows\SysNative\drivers\dlsusb.sys (Datalogic Scanning, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (hwmassfilter) -- C:\Windows\SysNative\drivers\ewmassfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation)
DRV:64bit: - (d553scard) -- C:\Windows\SysNative\drivers\d553scard.sys (Dell)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (d553gps) -- C:\Windows\SysNative\drivers\d553gps64.sys (Dell)
DRV:64bit: - (d553unic) Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM) -- C:\Windows\SysNative\drivers\d553unic.sys (MCCI Corporation)
DRV:64bit: - (d553nd5) Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS) -- C:\Windows\SysNative\drivers\d553nd5.sys (MCCI Corporation)
DRV:64bit: - (d553mdm2) -- C:\Windows\SysNative\drivers\d553mdm2.sys (MCCI Corporation)
DRV:64bit: - (d553mdm) -- C:\Windows\SysNative\drivers\d553mdm.sys (MCCI Corporation)
DRV:64bit: - (d553card) -- C:\Windows\SysNative\drivers\d553card.sys (MCCI Corporation)
DRV:64bit: - (d553bus) Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM) -- C:\Windows\SysNative\drivers\d553bus.sys (MCCI Corporation)
DRV:64bit: - (d553mdfl2) -- C:\Windows\SysNative\drivers\d553mdfl2.sys (MCCI Corporation)
DRV:64bit: - (d553mdfl) -- C:\Windows\SysNative\drivers\d553mdfl.sys (MCCI Corporation)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV64.sys (Dell Inc)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 54 C6 2F 27 53 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.12 12:19:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.12 12:19:13 | 000,000,000 | ---D | M]
 
[2010.04.23 18:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**meinName**\AppData\Roaming\mozilla\Extensions
[2011.01.20 09:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions
[2010.12.28 15:30:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.13 08:28:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.01.07 15:00:07 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions\autopager@mozilla.org
[2010.12.10 08:18:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.18 09:22:23 | 000,000,000 | ---D | M] (???????????? ?? ?????????? Logitech) -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions\DeviceDetection@logitech.com
[2010.10.25 14:37:45 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**meinName**\AppData\Roaming\mozilla\Firefox\Profiles\ngdrffd1.default\extensions\foxmarks@kei.com
[2010.12.19 16:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.12.31 14:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.23 18:14:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 08:29:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.09 09:15:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RestartNeroSetup]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [NetSetMan] C:\Program Files (x86)\NetSetMan\netsetman.exe (Ilja Herlein)
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [STAMPIT-Tray] C:\Program Files (x86)\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.23 17:07:34 | 000,000,000 | ---D | M] - D:\Automation -- [ NTFS ]
O33 - MountPoints2\{22206398-60f8-11df-9ec8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{22206398-60f8-11df-9ec8-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24721132-5cc5-11df-94ca-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{24721132-5cc5-11df-94ca-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247211f3-5cc5-11df-94ca-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{247211f3-5cc5-11df-94ca-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f63126c-5692-11df-9bb3-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2f63126c-5692-11df-9bb3-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f63128c-5692-11df-9bb3-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{2f63128c-5692-11df-9bb3-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f6312ab-5692-11df-9bb3-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{2f6312ab-5692-11df-9bb3-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4edc0a0c-624c-11df-9a73-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{4edc0a0c-624c-11df-9a73-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4edc0a1e-624c-11df-9a73-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{4edc0a1e-624c-11df-9a73-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb90427f-60c4-11df-b6e6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{fb90427f-60c4-11df-b6e6-005056c00008}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.20 12:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSupport
[2011.01.20 12:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetSupport Manager
[2011.01.20 10:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVM
[2011.01.20 10:19:02 | 000,000,000 | ---D | C] -- C:\Users\**meinName**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2011.01.20 10:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang
[2011.01.20 08:34:52 | 000,000,000 | ---D | C] -- C:\Users\**meinName**\AppData\Roaming\Malwarebytes
[2011.01.20 08:34:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.20 08:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.20 08:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.20 08:34:37 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.20 08:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.18 11:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cobra Adress PLUS
[2011.01.18 11:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\cobra
[2011.01.18 11:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TAPIEx ActiveX Control 3.4
[2011.01.18 11:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Data Dynamics
[2011.01.17 10:02:46 | 000,000,000 | ---D | C] -- C:\Users\**meinName**\AppData\Local\SnippetEditor
[2011.01.14 15:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tapi Services for FRITZ!Box
[2011.01.14 15:08:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\FBox
[2011.01.14 15:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVM
[2011.01.12 11:26:04 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 11:26:04 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 11:26:04 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 11:26:04 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 11:26:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 11:26:04 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 11:26:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 11:26:03 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 11:26:03 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 11:26:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 11:26:03 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 11:26:03 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 11:26:03 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 11:26:03 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 11:26:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 11:26:03 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 11:26:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 11:26:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 11:26:02 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 11:26:02 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 11:26:02 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 11:26:02 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 11:26:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 11:26:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 11:26:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 11:26:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 11:26:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 11:25:36 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 11:25:36 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.11 10:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABB Industrial IT
[2011.01.10 09:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.01.10 09:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.01.10 09:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.01.03 18:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.12.31 12:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\mjSolutions
[2010.12.30 12:53:13 | 000,000,000 | ---D | C] -- C:\Users\**meinName**\AppData\Roaming\mj_Solutions
[2010.12.28 15:02:47 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.12.28 15:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2010.12.28 14:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.12.28 14:46:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.12.28 14:46:48 | 000,000,000 | ---D | C] -- C:\Users\**meinName**\AppData\Local\Logishrd
[2010.12.28 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\**meinName**\AppData\Roaming\Logishrd
[2010.04.23 18:20:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeEF2E.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.20 13:29:07 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.20 12:40:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.20 12:40:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.20 12:39:44 | 002,077,876 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.20 12:39:44 | 000,872,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.20 12:39:44 | 000,810,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.20 12:39:44 | 000,213,040 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.20 12:39:44 | 000,177,806 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.20 12:37:58 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\NetSupport Control.lnk
[2011.01.20 12:33:27 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 12:33:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.20 12:32:56 | 2137,980,927 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.20 10:22:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.01.16 16:09:55 | 000,002,052 | -H-- | M] () -- C:\Users\**meinName**\Documents\Default.rdp
[2011.01.14 19:51:45 | 000,021,565 | ---- | M] () -- C:\Users\**meinName**\.recently-used.xbel
[2011.01.14 15:08:08 | 000,002,935 | ---- | M] () -- C:\Users\**meinName**\Desktop\TAPI Services for FRITZ!Box Readme.lnk
[2011.01.13 19:28:24 | 000,000,000 | ---- | M] () -- C:\Users\**meinName**\AppData\Local\debuggee.mdmp
[2011.01.11 09:51:21 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.12.31 10:25:53 | 000,010,088 | ---- | M] () -- C:\Users\**meinName**\Desktop\Ehlert Schulung.xlsx
[2010.12.30 20:17:16 | 000,000,202 | ---- | M] () -- C:\Users\**meinName**\Desktop\Bearbeiten2
[2010.12.23 15:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd9.dll
[2010.12.23 15:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2010.12.23 15:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd10.dll
[2010.12.23 15:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2010.12.21 20:31:22 | 000,000,122 | ---- | M] () -- C:\Users\**meinName**\Desktop\Bearbeiten2.bak
 
========== Files Created - No Company Name ==========
 
[2011.01.20 12:37:58 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\NetSupport Control.lnk
[2011.01.20 10:29:23 | 000,036,911 | ---- | C] () -- C:\Windows\SysWow64\pcimsg.dll
[2011.01.14 19:51:45 | 000,021,565 | ---- | C] () -- C:\Users\**meinName**\.recently-used.xbel
[2011.01.14 15:08:08 | 000,002,935 | ---- | C] () -- C:\Users\**meinName**\Desktop\TAPI Services for FRITZ!Box Readme.lnk
[2010.12.23 15:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2010.12.23 15:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2010.12.23 15:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2010.12.23 15:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2010.12.21 20:31:21 | 000,000,202 | ---- | C] () -- C:\Users\**meinName**\Desktop\Bearbeiten2
[2010.12.21 20:31:21 | 000,000,122 | ---- | C] () -- C:\Users\**meinName**\Desktop\Bearbeiten2.bak
[2010.11.12 11:15:12 | 000,000,000 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\debuggee.mdmp
[2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.10.25 15:10:28 | 000,000,498 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.10.21 13:30:43 | 000,002,115 | ---- | C] () -- C:\Users\**meinName**\AppData\Roaming\SAS7_000.DAT
[2010.09.23 07:44:33 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.08.25 20:26:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 13:52:54 | 000,007,633 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\Resmon.ResmonCfg
[2010.05.29 13:12:54 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010.05.21 14:00:48 | 000,018,400 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\psc_634100508489603098.html
[2010.05.12 10:42:00 | 000,016,440 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\psc_634092613209434351.html
[2010.05.12 10:25:35 | 000,016,447 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\psc_634092603357230838.html
[2010.05.11 11:26:52 | 000,014,484 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\psc_634091776123078340.html
[2010.05.11 11:05:49 | 000,014,480 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\psc_634091763490566118.html
[2010.05.11 10:28:20 | 000,014,476 | ---- | C] () -- C:\Users\**meinName**\AppData\Local\psc_634091741004910497.html
[2010.04.23 18:36:29 | 002,098,286 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.23 18:02:59 | 000,011,237 | ---- | C] () -- C:\Users\**meinName**\AppData\Roaming\SmarThruOptions.xml
[2010.04.23 18:02:53 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.04.23 18:02:50 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.04.23 18:02:49 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.04.23 15:22:12 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2010.04.23 15:22:06 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2010.04.23 15:13:42 | 001,507,328 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010.04.23 15:13:42 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.07.09 16:23:54 | 000,024,376 | ---- | C] () -- C:\Windows\SysWow64\TALDM32A.dll
[2008.07.09 16:23:52 | 000,052,536 | ---- | C] () -- C:\Windows\SysWow64\TAL12832.DLL
[2008.07.09 16:23:52 | 000,022,832 | ---- | C] () -- C:\Windows\SysWow64\TALDM32.DLL
[2008.07.09 16:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\SysWow64\SBSPAINT.DLL
[2008.07.09 16:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\SysWow64\SBSPAIN3.DLL
[2008.07.09 16:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\SysWow64\SBSPAIN2.DLL
[2008.07.09 16:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\SysWow64\ENCODE32.DLL
[2003.12.08 23:08:20 | 002,539,520 | ---- | C] () -- C:\Windows\SysWow64\Bbgspdf.dll
[2003.12.02 12:39:08 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\InstallPrinter.dll
[2003.01.30 05:04:00 | 000,618,496 | ---- | C] () -- C:\Windows\SysWow64\stlpmt45.dll
[2001.02.14 16:09:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\CHFXGer.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
--- --- ---


und Hier der OTL-Extra-Bericht:OTL Logfile:
Code:
OTL Extras logfile created on: 20.01.2011 13:29:44 - Run 1
OTL by OldTimer - Version 3.2.20.2    Folder = C:\Users\**meinName**\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 67,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 53,78 Gb Free Space | 26,89% Space Free | Partition Type: NTFS
Drive D: | 160,00 Gb Total Space | 74,26 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
Drive E: | 236,08 Gb Total Space | 222,83 Gb Free Space | 94,39% Space Free | Partition Type: NTFS
 
Computer Name: M6400 | User Name: **meinName** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09821619-C6EE-4E33-BE88-C5CECC9D7259}" = CodeMeter Runtime Kit v4.10c
"{0B4D413C-9E19-4087-AA21-D7BD1A9B3075}" = SQL Server 2008 R2 Common Files
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1A3B22D6-4932-4920-B7D3-7D17D36E9BA4}" = Microsoft SQL Server 2005-Abwärtskompatibilität
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1F0313F5-008A-4BC0-AA0B-6068A8A2E4AE}" = Microsoft Sync Services for ADO.NET v2.0 (x64) de
"{236286C4-3C28-4275-9756-0013EB4D3423}" = SQL Server 2008 R2 Reporting Services
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services
"{24BB9353-944E-46BC-BBA8-B8F83E8DBB51}" = Microsoft SQL Server 2008 R2-Setup (Deutsch)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{312E8540-0799-45D5-A02E-DFB8FCA93CCA}" = SQL Server 2008 R2 BI Development Studio
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3C711911-AC30-4AEF-8BF6-3E9BA0BF0F9C}" = Microsoft Sync Framework Runtime v1.0 (x64) de
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = SQL Server 2008 R2 Database Engine Services
"{45D7270A-B929-4D67-B176-ABC81161B8ED}" = SQL Server 2008 R2 Database Engine Shared
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}" = FRITZ!Fernzugang
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{7754C24B-6908-4DF2-958D-D4A246D8047B}" = SQL Server 2008 R2 BI Development Studio
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8505C641-422E-4E3C-B6B0-0F070E289FDD}" = TAPI Services for FRITZ!Box
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 Full text search
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - deu
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C80F0529-D1D1-4AA2-88F8-BF28118BB9F6}" = Dell 5530 Wireless Broadband Package
"{CB95CD7D-FDCC-449A-86AE-67C257745A0B}" = Microsoft SQL Server 2008 R2 Native Client
"{D39C982F-4FE0-4809-A49F-F156CEC18674}" = DisplayLink Core Software
"{D49B01F1-79D6-4448-916E-152832EC3B64}" = SQL Server 2008 R2 Management Studio
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F161E795-1A75-4DBD-AFAE-4980BA7EABDB}" = Dell ControlVault Host Components Installer 64Bit
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F75FFCEC-4807-319D-A186-5117EDFE8115}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"{FBBA9369-3A6B-4EE3-9C53-DA0D29C2FC95}" = Microsoft SQL Server VSS Writer
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-Bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-Bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Dell Touchpad
"Ultravnc2_is1" = UltraVNC 1.0.8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1C267DEB-15D0-42C4-BA20-C0333EDF9A18}" = ABB RobotWare 5.12.3023
"{1ED7B9FD-00C9-4974-8F3C-A8F63E67C4C1}" = ABB RobotWare 5.13.1037
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28FAC14D-695D-3307-AADC-FD40EEFB2574}" = Microsoft Visual Studio 2008 Standard Edition - DEU
"{2AB810A5-4F76-4A6E-B5FD-E67027A2E3DD}" = ABB RobotWare Plastics
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3522BBFF-73A7-400A-8402-FF96831EBEC3}" = ABB RobotWare 5.13.0225
"{3888A22E-1A9E-4DBE-A93B-42385141F37D}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU
"{3B9F2A30-6230-37E3-A23F-AA996C6EE1F3}" = Microsoft Visual Studio 2008 Shell (integrated mode) - DEU
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4D26B533-269B-4C01-B59E-80A6864824A5}" = Microsoft Expression Encoder 4
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50ABF86D-0BDB-31AD-97FD-E8A55564EBF9}" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B476007-07E1-48FE-9197-8EAF9A269216}" = cobra Outlook Addin 2010
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78033A38-50E2-4A65-823F-C1B34DF9FE41}" = Microsoft SQL Server 2008 R2-Richtlinien
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{8343C2D8-09DF-38B3-9D1A-A26148918E45}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C47092F-B249-43CB-A780-40274329043D}" = eDrawings 2006
"{8DD113A8-811A-404E-A4D7-443D014946AC}" = Microsoft SQL Server Browser
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0407-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8}" = Stampit Home
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A63984E6-B22A-4738-9ACB-3FF4FE447FAB}" = ABB RobotStudio 5.13.02
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC7190A0-EEA1-423C-A531-FCEB4E0EBBB1}" = DWGeditor
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
"{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C206015D-DAC5-407C-A54B-6D7776A0881C}" = SetIP
"{C3F6EF04-8292-482D-9A2B-47CF5758C8FC}" = Microsoft Expression Studio 4
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CD505398-6AA6-4203-A60D-4E95E40C0752}" = SolidWorks 2006 SP0
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DC39A078-4D4C-4EF2-9CAF-69D342D74125}" = Microsoft Sync Framework Runtime v1.0 (x86) de
"{E1023B56-A74E-4FE8-BBBC-19DE287C3964}" = cobra Adress PLUS 2010
"{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3
"{E2CBF3FE-A24F-40DF-B25D-8C9E05F0CD63}" = UltraEdit 15.20
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8D33431-67EA-4DC1-B443-EE989DE532BC}" = Microsoft Sync Framework Services v1.0 (x86) de
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4
"{FA6E4D45-51C1-4321-84DE-AA4EDB3C1CA3}" = ABB Mechanical Unit Manager
"{FB847816-1AAC-42C2-8B2D-DE2909B819BA}" = ABB RobotWare 5.13.2039
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF203294-02C1-4632-832C-762CBD15CF2D}" = Ericsson Wireless Manager
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"ACCON-AGLink" = ACCON-AGLink
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Blend_3.0.1938.0" = Microsoft Expression Blend 3
"Blend_4.0.20621.0" = Microsoft Expression Blend 4
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DevExpress 2010.1 IDETools" = DevExpress 2010.1 IDETools
"ElsterFormular  ***unknown variable buildnummer***" = ElsterFormular
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3
"ExpressionStudio_4.0.20705.0" = Microsoft Expression Studio 4
"FlySpeed SQL Query_is1" = FlySpeed SQL Query 2.7.13.0
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2008 Standard Edition - DEU" = Microsoft Visual Studio 2008 Standard Edition - DEU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU
"NetSetMan_is1" = NetSetMan Version 3.1.1
"NetSupport Manager" = NetSupport Manager
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.7
"PNOZmulti Configurator 6.3.0" = PNOZmulti Configurator 6.3.0
"PROR" = Microsoft Office Professional 2007
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"Security Task Manager" = Security Task Manager 1.8c
"SmarThru PC Fax" = SmarThru PC Fax
"Totalcmd" = Total Commander (Remove or Repair)
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VMware_Player" = VMware Player
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Web_4.0.1166.0" = Microsoft Expression Web 4
"WinGimp-2.0_is1" = GIMP 2.6.8
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---


Gruß Mike

cosinus 20.01.2011 14:11
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKLM..\Run: [RestartNeroSetup]  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.23 17:07:34 | 000,000,000 | ---D | M] - D:\Automation -- [ NTFS ]
O33 - MountPoints2\{22206398-60f8-11df-9ec8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{22206398-60f8-11df-9ec8-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24721132-5cc5-11df-94ca-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{24721132-5cc5-11df-94ca-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247211f3-5cc5-11df-94ca-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{247211f3-5cc5-11df-94ca-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f63126c-5692-11df-9bb3-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2f63126c-5692-11df-9bb3-005056c00008}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f63128c-5692-11df-9bb3-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{2f63128c-5692-11df-9bb3-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f6312ab-5692-11df-9bb3-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{2f6312ab-5692-11df-9bb3-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4edc0a0c-624c-11df-9a73-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{4edc0a0c-624c-11df-9a73-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4edc0a1e-624c-11df-9a73-0c607690eacf}\Shell - "" = AutoRun
O33 - MountPoints2\{4edc0a1e-624c-11df-9a73-0c607690eacf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb90427f-60c4-11df-b6e6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{fb90427f-60c4-11df-b6e6-005056c00008}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:0FF263E8
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

MikeJ 20.01.2011 14:39
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RestartNeroSetup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22206398-60f8-11df-9ec8-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22206398-60f8-11df-9ec8-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22206398-60f8-11df-9ec8-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22206398-60f8-11df-9ec8-005056c00008}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24721132-5cc5-11df-94ca-0c607690eacf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24721132-5cc5-11df-94ca-0c607690eacf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24721132-5cc5-11df-94ca-0c607690eacf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24721132-5cc5-11df-94ca-0c607690eacf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247211f3-5cc5-11df-94ca-0c607690eacf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247211f3-5cc5-11df-94ca-0c607690eacf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247211f3-5cc5-11df-94ca-0c607690eacf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247211f3-5cc5-11df-94ca-0c607690eacf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f63126c-5692-11df-9bb3-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f63126c-5692-11df-9bb3-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f63126c-5692-11df-9bb3-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f63126c-5692-11df-9bb3-005056c00008}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f63128c-5692-11df-9bb3-0c607690eacf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f63128c-5692-11df-9bb3-0c607690eacf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f63128c-5692-11df-9bb3-0c607690eacf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f63128c-5692-11df-9bb3-0c607690eacf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f6312ab-5692-11df-9bb3-0c607690eacf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f6312ab-5692-11df-9bb3-0c607690eacf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f6312ab-5692-11df-9bb3-0c607690eacf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f6312ab-5692-11df-9bb3-0c607690eacf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4edc0a0c-624c-11df-9a73-0c607690eacf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4edc0a0c-624c-11df-9a73-0c607690eacf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4edc0a0c-624c-11df-9a73-0c607690eacf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4edc0a0c-624c-11df-9a73-0c607690eacf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4edc0a1e-624c-11df-9a73-0c607690eacf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4edc0a1e-624c-11df-9a73-0c607690eacf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4edc0a1e-624c-11df-9a73-0c607690eacf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4edc0a1e-624c-11df-9a73-0c607690eacf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb90427f-60c4-11df-b6e6-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb90427f-60c4-11df-b6e6-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb90427f-60c4-11df-b6e6-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb90427f-60c4-11df-b6e6-005056c00008}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ** MeinName **
->Temp folder emptied: 5683056013 bytes
->Temporary Internet Files folder emptied: 129963089 bytes
->Java cache emptied: 4758386 bytes
->FireFox cache emptied: 111507621 bytes
->Flash cache emptied: 18357 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 260594797 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 48128768 bytes

Total Files Cleaned = 5.949,00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01202011_142940

Files\Folders moved on Reboot...
C:\Users\** MeinName **\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3956.log moved successfully.

Registry entries deleted on Reboot...



Gruß Mike

cosinus 20.01.2011 16:05
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

MikeJ 22.01.2011 14:00
So, hier der Bericht von ComboFix:

Combofix Logfile:
Code:
ComboFix 11-01-21.03 - ** mein Name ** 22.01.2011  13:30:56.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.8180.6470 [GMT 1:00]
ausgeführt von:: c:\users\** mein Name **\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeEF2E.dll
c:\windows\SysWow64\dlumd10.dll
c:\windows\SysWow64\dlumd9.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-22 bis 2011-01-22  ))))))))))))))))))))))))))))))
.

2011-01-22 12:36 . 2011-01-22 12:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-22 12:19 . 2011-01-22 12:19        --------        d-----w-        c:\program files\CCleaner
2011-01-21 08:41 . 2011-01-13 10:20        7844688        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B86E31E9-D75D-4384-83F3-133DAE4BFA71}\mpengine.dll
2011-01-20 13:29 . 2011-01-20 13:29        --------        d-----w-        C:\_OTL
2011-01-20 11:37 . 2011-01-20 11:38        --------        d-----w-        c:\program files (x86)\NetSupport Manager
2011-01-20 09:29 . 2003-10-10 07:37        36911        ----a-w-        c:\windows\SysWow64\pcimsg.dll
2011-01-20 09:28 . 2011-01-20 09:28        282756        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-01-20 09:28 . 2011-01-20 09:28        163972        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-01-20 09:28 . 2002-12-05 13:12        692224        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-01-20 09:28 . 2002-12-05 13:10        155648        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-01-20 09:28 . 2002-12-02 14:22        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-01-20 09:28 . 2002-12-02 12:33        57344        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-01-20 09:28 . 2002-12-02 12:33        237568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-01-20 09:23 . 2011-01-20 09:23        --------        d-----w-        c:\programdata\AVM
2011-01-20 09:19 . 2011-01-20 09:22        --------        d-----w-        c:\program files\FRITZ!Fernzugang
2011-01-20 09:19 . 2011-01-20 09:19        29184        ----a-r-        c:\users\** mein Name **\AppData\Roaming\Microsoft\Installer\{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}\IconA7C606DF.exe
2011-01-20 07:34 . 2011-01-20 07:34        --------        d-----w-        c:\users\** mein Name **\AppData\Roaming\Malwarebytes
2011-01-20 07:34 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-20 07:34 . 2011-01-20 07:34        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-20 07:34 . 2011-01-20 07:34        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-20 07:34 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-18 10:40 . 2011-01-18 10:40        --------        d-----w-        c:\program files (x86)\Common Files\cobra
2011-01-18 10:40 . 2011-01-18 10:40        --------        d-----w-        c:\program files (x86)\Common Files\Data Dynamics
2011-01-18 10:40 . 2011-01-18 10:40        --------        d-----w-        c:\program files (x86)\TAPIEx ActiveX Control 3.4
2011-01-17 09:02 . 2011-01-17 09:02        --------        d-----w-        c:\users\** mein Name **\AppData\Local\SnippetEditor
2011-01-14 14:08 . 2011-01-14 14:08        31232        ----a-r-        c:\users\** mein Name **\AppData\Roaming\Microsoft\Installer\{8505C641-422E-4E3C-B6B0-0F070E289FDD}\Icon8505C6411.exe
2011-01-14 14:08 . 2011-01-14 14:08        --------        d-----w-        c:\windows\system32\FBox
2011-01-14 14:08 . 2011-01-14 14:08        --------        d-----w-        c:\program files\Tapi Services for FRITZ!Box
2011-01-14 14:08 . 2011-01-14 14:08        --------        d-----w-        c:\program files (x86)\Common Files\AVM
2011-01-12 10:25 . 2010-10-16 05:17        720896        ----a-w-        c:\windows\system32\odbc32.dll
2011-01-12 10:25 . 2010-10-16 05:16        495616        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 10:25 . 2010-10-16 05:16        466944        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 10:25 . 2010-10-16 05:16        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 10:25 . 2010-10-16 05:16        258048        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 10:25 . 2010-10-16 04:34        573440        ----a-w-        c:\windows\SysWow64\odbc32.dll
2011-01-12 10:25 . 2010-10-16 04:33        372736        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 10:25 . 2010-10-16 04:33        352256        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 10:25 . 2010-10-16 04:33        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 10:25 . 2010-10-16 04:33        208896        ----a-w-        c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 09:33 . 2011-01-11 09:33        --------        d-----w-        c:\program files (x86)\Common Files\ABB Industrial IT
2011-01-10 08:20 . 2011-01-10 08:26        --------        d-----w-        c:\programdata\SecTaskMan
2011-01-10 08:20 . 2011-01-10 08:20        --------        d-----w-        c:\program files (x86)\Security Task Manager
2011-01-03 17:18 . 2011-01-03 17:18        53248        ----a-r-        c:\users\** mein Name **\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-03 17:18 . 2011-01-03 17:18        --------        d-----w-        c:\program files\Logitech
2010-12-31 11:29 . 2011-01-17 10:00        --------        d-----w-        c:\programdata\mjSolutions
2010-12-30 11:53 . 2010-12-30 11:53        --------        d-----w-        c:\users\** mein Name **\AppData\Roaming\mj_Solutions
2010-12-28 14:02 . 2011-01-11 08:51        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2010-12-28 13:46 . 2011-01-03 17:18        --------        d-----w-        c:\programdata\LogiShrd
2010-12-28 13:46 . 2010-12-28 13:46        --------        d-----w-        c:\users\** mein Name **\AppData\Local\Logishrd
2010-12-28 13:42 . 2010-12-28 13:42        --------        d-----w-        c:\users\** mein Name **\AppData\Roaming\Logishrd
2010-12-24 11:56 . 2010-12-24 11:56        176488        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-23 14:29 . 2010-12-23 14:29        0        ----a-w-        c:\windows\system32\dlumd9.dll
2010-12-23 14:29 . 2010-12-23 14:29        0        ----a-w-        c:\windows\system32\dlumd10.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-11 09:35 . 2010-07-16 19:23        2382304        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2010-12-07 15:08 . 2010-12-07 15:08        130560        ----a-w-        c:\windows\system32\avmtfbox.tsp
2010-11-22 10:25 . 2010-04-23 15:01        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-10 01:49 . 2010-11-10 01:49        539232        ----a-w-        c:\windows\SysWow64\LVUI2RC.dll
2010-11-10 01:49 . 2010-11-10 01:49        543328        ----a-w-        c:\windows\SysWow64\LVUI2.dll
2010-11-10 01:47 . 2010-11-10 01:47        416352        ----a-w-        c:\windows\SysWow64\lvcodec2.dll
2010-11-10 01:45 . 2010-11-10 01:45        4162784        ----a-w-        c:\windows\system32\drivers\lvuvc64.sys
2010-11-10 01:45 . 2010-11-10 01:45        559712        ----a-w-        c:\windows\system32\LVUIRC64.dll
2010-11-10 01:45 . 2010-11-10 01:45        102744        ----a-w-        c:\windows\SysWow64\LogiDPPApp.exe
2010-11-10 01:45 . 2010-11-10 01:45        102744        ----a-w-        c:\windows\system32\LogiDPPApp.exe
2010-11-10 01:45 . 2010-11-10 01:45        10871128        ----a-w-        c:\windows\SysWow64\LogiDPP.dll
2010-11-10 01:45 . 2010-11-10 01:45        10871128        ----a-w-        c:\windows\system32\LogiDPP.dll
2010-11-10 01:45 . 2010-11-10 01:45        316248        ----a-w-        c:\windows\SysWow64\DevManagerCore.dll
2010-11-10 01:45 . 2010-11-10 01:45        316248        ----a-w-        c:\windows\system32\DevManagerCore.dll
2010-11-10 01:45 . 2010-11-10 01:45        767584        ----a-w-        c:\windows\system32\LVUI64.dll
2010-11-10 01:44 . 2010-11-10 01:44        341856        ----a-w-        c:\windows\system32\drivers\lvrs64.sys
2010-11-10 01:43 . 2010-11-10 01:43        259680        ----a-w-        c:\windows\system32\lvco13101216.dll
2010-11-10 01:43 . 2010-11-10 01:43        400480        ----a-w-        c:\windows\system32\lvcod64.dll
2010-11-10 01:32 . 2010-11-10 01:32        38238        ----a-w-        c:\windows\system32\Repository.reg
2010-11-06 10:08 . 2010-05-29 12:01        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-06 10:08 . 2010-05-29 12:01        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-04 06:35 . 2010-12-17 08:27        1194496        ----a-w-        c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-17 08:27        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-17 08:27        978944        ----a-w-        c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-17 08:27        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-17 08:27        482816        ----a-w-        c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-17 08:27        386048        ----a-w-        c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-17 08:27        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-17 08:27        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-17 08:27        524288        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-17 08:27        1169408        ----a-w-        c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-17 08:27        473600        ----a-w-        c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-17 08:27        1114624        ----a-w-        c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-17 08:27        464384        ----a-w-        c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-17 08:27        285696        ----a-w-        c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-17 08:27        496128        ----a-w-        c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-17 08:27        305152        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-17 08:27        192000        ----a-w-        c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-17 08:27        179712        ----a-w-        c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-17 08:27        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-17 08:27        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phonostarTimer"="c:\program files (x86)\phonostar-Player\phonostarTimer.exe" [2010-04-01 39936]
"STAMPIT-Tray"="c:\program files (x86)\STAMPIT\Binary\Stray.exe" [2008-07-09 83248]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"NetSetMan"="c:\program files (x86)\NetSetMan\netsetman.exe" [2010-12-06 3647752]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-29 222496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5141512]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-22 64048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-1-13 6352896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
R3 dlsusb;dlsusb;c:\windows\system32\DRIVERS\dlsusb.sys [2010-06-29 113936]
R3 hwmassfilter;HUAWEI Mass Storage Filter Driver;c:\windows\system32\DRIVERS\ewmassfilter.sys [2009-06-26 10240]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-07-27 271712]
R3 RobComCtrlServer;ABB Industrial Robot Communication Server;c:\program files (x86)\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe [2010-10-12 255816]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-09-23 12800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQL2008EXPRESS;SQL Server-Agent (SQL2008EXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008EXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-03-23 13936]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-04-23 1477728]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-01-16 20480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [2009-03-02 89600]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-04-23 2480048]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2010-03-30 335224]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2010-03-30 143224]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-01-14 1738048]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-06-26 1040232]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-06-26 31080]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-03-23 8610664]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-07-12 50688]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-10-01 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-07-12 690688]
S2 MSSQL$SQL2008EXPRESS;SQL Server (SQL2008EXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008EXPRESS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4901888]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2010-03-30 189304]
S2 ReportServer$SQL2008EXPRESS;SQL Server Reporting Services (SQL2008EXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008EXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-04-03 2175328]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-10-22 11576]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-01-22 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-04-23 252512]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 38440]
S3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\DRIVERS\d553bus.sys [2008-12-19 325120]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\DRIVERS\d553card.sys [2008-12-19 378368]
S3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\d553gps64.sys [2009-01-08 88104]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\d553mdfl.sys [2008-12-19 19456]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\DRIVERS\d553mdfl2.sys [2008-12-19 19456]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\d553mdm.sys [2008-12-19 422912]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\DRIVERS\d553mdm2.sys [2008-12-19 474112]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\DRIVERS\d553nd5.sys [2008-12-19 34816]
S3 d553scard;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\d553scard.sys [2009-04-06 57896]
S3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\DRIVERS\d553unic.sys [2008-12-19 431104]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.24075.0.sys [2010-03-23 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-03-23 185968]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
S3 MSSQLFDLauncher$SQL2008EXPRESS;SQL Full-text Filter Daemon Launcher (SQL2008EXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008EXPRESS\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2010-03-30 412024]
S3 RobNetScanHost;ABB Industrial Robot Discovery Server;c:\program files (x86)\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe [2010-10-12 103240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 06:36]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 06:36]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 16329760]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 93728]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-31 450048]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-10-01 5107712]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362952]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\** mein Name **\AppData\Roaming\Mozilla\Firefox\Profiles\ngdrffd1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-22  13:38:47
ComboFix-quarantined-files.txt  2011-01-22 12:38

Vor Suchlauf: 15 Verzeichnis(se), 66.718.412.800 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 66.346.024.960 Bytes frei

- - End Of File - - 87EFA487DC5D3928597C62AF561EE4DD
--- --- ---


Gruß Mike

cosinus 22.01.2011 14:06
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

MikeJ 22.01.2011 19:26
Hi

hier der GMR Bericht:
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-22 19:22:23
Windows 6.1.7600 
Running: h58doeq3.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607690eacf                                                                                                                                                                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607690eacf@0023f1c152ee                                                                                                                                                          0x8F 0x36 0xB0 0x1C ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607690eacf (not active ControlSet)                                                                                                                                                 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607690eacf@0023f1c152ee                                                                                                                                                              0x8F 0x36 0xB0 0x1C ...
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael Junge\Downloads\O\xb2 Surfstick\surfstick-treiber-alle-modelle\DriverSetup.exe                                                1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael Junge\Downloads\O\xb2 Surfstick\2010\windows-hotfix\Hotfix_0004\Huawei USB Modem Win7 Hotfix_0004.exe                        1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael Junge\Downloads\O\xb2 Surfstick\2010\laptop-card-surfstick-treiber-alle-modelle\DriverSetup.exe                              1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael Junge\Downloads\O\xb2 Surfstick\2010\windows-hotfix\Huawei USB Modem Win7 Hotfix_0004.exe                                    1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael Junge\Downloads\O\xb2 Surfstick\2010\connection-manager-win-update3.5(2)\upload_o2upload_Mobile_Connection_Manager_RC3.5.exe  1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael Junge\Downloads\O\xb2 Surfstick\2010\laptop-card-surfstick-treiber-alle-modelle\DriverUninstall.exe                          1

---- EOF - GMER 1.0.15 ----
--- --- ---


und hier der MBR-Check

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision M6400
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 254):
0x03202000 \SystemRoot\system32\ntoskrnl.exe
0x037DE000 \SystemRoot\system32\hal.dll
0x00B9B000 \SystemRoot\system32\kdcom.dll
0x00C43000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C87000 \SystemRoot\system32\PSHED.dll
0x00C9B000 \SystemRoot\system32\CLFS.SYS
0x00CF9000 \SystemRoot\system32\CI.dll
0x00E42000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F4C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F55000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F5F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F92000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F9F000 \SystemRoot\System32\drivers\partmgr.sys
0x00FB4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FBD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FC9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01064000 \SystemRoot\System32\drivers\volmgrx.sys
0x010C0000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x010F9000 \SystemRoot\System32\drivers\mountmgr.sys
0x01296000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x01462000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0157E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01589000 \SystemRoot\system32\drivers\fltmgr.sys
0x015D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01603000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01400000 \SystemRoot\System32\Drivers\msrpc.sys
0x017A6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x017C0000 \SystemRoot\System32\drivers\pcw.sys
0x017D1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01884000 \SystemRoot\system32\drivers\ndis.sys
0x01976000 \SystemRoot\system32\drivers\NETIO.SYS
0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A03000 \SystemRoot\System32\drivers\tcpip.sys
0x0182B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01113000 \SystemRoot\system32\DRIVERS\timntr.sys
0x019D6000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x013B4000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01C7F000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01DEB000 \SystemRoot\System32\Drivers\spldr.sys
0x01C00000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01C44000 \SystemRoot\System32\drivers\rdyboost.sys
0x01DF3000 \SystemRoot\system32\DRIVERS\PBADRV64.sys
0x019E6000 \SystemRoot\System32\Drivers\mup.sys
0x01875000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019F8000 \SystemRoot\system32\drivers\dlkmdldr.sys
0x017DB000 \SystemRoot\system32\DRIVERS\disk.sys
0x00E00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03F48000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03F72000 \SystemRoot\System32\Drivers\Null.SYS
0x03F7B000 \SystemRoot\System32\Drivers\Beep.SYS
0x03F82000 \SystemRoot\System32\drivers\vga.sys
0x03F90000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03FB5000 \SystemRoot\System32\drivers\watchdog.sys
0x03FC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03FCE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03FD7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03FE0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03FEB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01273000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03E00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0408C000 \SystemRoot\system32\drivers\afd.sys
0x04116000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0415B000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04166000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0416F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04195000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x041AB000 \SystemRoot\system32\DRIVERS\vfilter.sys
0x041B5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x041C4000 \SystemRoot\system32\DRIVERS\serial.sys
0x041E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04000000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04014000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04065000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04071000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0407C000 \SystemRoot\System32\drivers\discache.sys
0x04257000 \SystemRoot\system32\drivers\csc.sys
0x042DA000 \SystemRoot\System32\Drivers\dfsc.sys
0x042F8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04309000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x0432B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04CE7000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x057DF000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04C00000 \SystemRoot\system32\drivers\dlkmd.sys
0x044E7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04446000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04453000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x044A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x044BA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x046AB000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x04986000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04993000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x04600000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0463E000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x0465E000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x04674000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x04C4A000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0468B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04351000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x046A9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x049E1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x049F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x045DB000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x045E6000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04CA1000 \SystemRoot\system32\DRIVERS\parport.sys
0x045F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x045F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04CBE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05C8A000 \SystemRoot\system32\DRIVERS\avmnwim.sys
0x05CF4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05D04000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05D1A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05D3E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05D4A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05D79000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05D94000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05DB5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05DCF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05DDA000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x05DE6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x05C43000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05C55000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x05C5D000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x0439C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05C67000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06A23000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x06A9E000 \SystemRoot\system32\DRIVERS\portcls.sys
0x06ADB000 \SystemRoot\system32\DRIVERS\drmk.sys
0x06AFD000 \SystemRoot\system32\drivers\ksthunk.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x06B03000 \SystemRoot\System32\drivers\Dxapi.sys
0x06B0F000 \SystemRoot\system32\DRIVERS\d553bus.sys
0x06B61000 \SystemRoot\system32\DRIVERS\d553wh.sys
0x06B6A000 \SystemRoot\system32\DRIVERS\d553mdm.sys
0x06BD4000 \SystemRoot\system32\DRIVERS\d553cm.sys
0x06BDC000 \SystemRoot\system32\drivers\modem.sys
0x06BEB000 \SystemRoot\system32\DRIVERS\d553mdfl.sys
0x03E0D000 \SystemRoot\system32\DRIVERS\d553mdm2.sys
0x06BF3000 \SystemRoot\system32\DRIVERS\d553mdfl2.sys
0x03E83000 \SystemRoot\system32\DRIVERS\d553card.sys
0x06A00000 \SystemRoot\system32\DRIVERS\d553scard.sys
0x06A13000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x05C7C000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x022E9000 \SystemRoot\system32\DRIVERS\d553unic.sys
0x02355000 \SystemRoot\system32\DRIVERS\d553cr.sys
0x0235E000 \SystemRoot\system32\DRIVERS\d553gps64.sys
0x02378000 \SystemRoot\system32\DRIVERS\d553nd5.sys
0x02384000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02392000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x023AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x023B4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x023C2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x023CF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x023DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02200000 \SystemRoot\System32\Drivers\cvusbdrv.sys
0x02250000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04A89000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x04BA5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x04BB8000 \SystemRoot\system32\drivers\luafv.sys
0x04BDB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x04A00000 \SystemRoot\system32\drivers\WudfPf.sys
0x07C09000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x04A21000 \SystemRoot\system32\drivers\usbaudio.sys
0x007B0000 \SystemRoot\System32\cdd.dll
0x0225E000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x07C00000 \SystemRoot\system32\DRIVERS\DisplayLinkUsbPort_5.2.24075.0.sys
0x04A3C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x04A51000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x04A65000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x022B0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x04A76000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x0220E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04200000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02223000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02236000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x088A5000 \SystemRoot\system32\drivers\HTTP.sys
0x0896D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0898B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x089A3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0884E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08871000 \??\C:\Windows\system32\drivers\hcmon.sys
0x0887D000 \??\C:\Windows\system32\drivers\vmci.sys
0x08895000 \??\C:\Windows\system32\drivers\VMparport.sys
0x08C79000 \??\C:\Windows\system32\drivers\vmx86.sys
0x08D4F000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x08D8F000 \??\C:\Windows\system32\Drivers\DgiVecp.sys
0x08D9F000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x09EB7000 \SystemRoot\System32\Drivers\bthport.sys
0x09F43000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x09F6F000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x09F7F000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x09F9F000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x09E00000 \SystemRoot\system32\drivers\peauth.sys
0x0A46C000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x0A4E7000 \SystemRoot\system32\drivers\btwaudio.sys
0x0A56D000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x0A579000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x0A57D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A588000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A5B5000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x0A5BD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A5CF000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x0A5D9000 \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
0x0A400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0AEDF000 \SystemRoot\System32\DRIVERS\srv.sys
0x0AF75000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x0AFEF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76F60000 \Windows\System32\ntdll.dll
0x478B0000 \Windows\System32\smss.exe
0xFF280000 \Windows\System32\apisetschema.dll
0xFF160000 \Windows\System32\autochk.exe
0xFF1D0000 \Windows\System32\comdlg32.dll
0xFF0A0000 \Windows\System32\wininet.dll
0xFF020000 \Windows\System32\difxapi.dll
0xFEFA0000 \Windows\System32\shlwapi.dll
0x77130000 \Windows\System32\psapi.dll
0xFEF50000 \Windows\System32\Wldap32.dll
0x76E60000 \Windows\System32\user32.dll
0xFEF00000 \Windows\System32\ws2_32.dll
0xFEE60000 \Windows\System32\clbcatq.dll
0xFEC50000 \Windows\System32\ole32.dll
0xFEAD0000 \Windows\System32\urlmon.dll
0xFE9F0000 \Windows\System32\advapi32.dll
0xFE9C0000 \Windows\System32\imm32.dll
0xFE920000 \Windows\System32\msvcrt.dll
0xFE900000 \Windows\System32\imagehlp.dll
0xFE6A0000 \Windows\System32\iertutil.dll
0xFD910000 \Windows\System32\shell32.dll
0xFD840000 \Windows\System32\usp10.dll
0xFD830000 \Windows\System32\nsi.dll
0xFD700000 \Windows\System32\rpcrt4.dll
0xFD5F0000 \Windows\System32\msctf.dll
0xFD510000 \Windows\System32\oleaut32.dll
0xFD500000 \Windows\System32\lpk.dll
0xFD4E0000 \Windows\System32\sechost.dll
0xFD470000 \Windows\System32\gdi32.dll
0xFD290000 \Windows\System32\setupapi.dll
0x76D40000 \Windows\System32\kernel32.dll
0x77120000 \Windows\System32\normaliz.dll
0xFD250000 \Windows\System32\cfgmgr32.dll
0xFD1E0000 \Windows\System32\KernelBase.dll
0xFD070000 \Windows\System32\crypt32.dll
0xFCFD0000 \Windows\System32\comctl32.dll
0xFCFB0000 \Windows\System32\devobj.dll
0xFCF70000 \Windows\System32\wintrust.dll
0xFCF60000 \Windows\System32\msasn1.dll
0x74DC0000 \Windows\SysWOW64\normaliz.dll

Processes (total 120):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
692 csrss.exe
752 C:\Windows\System32\wininit.exe
764 csrss.exe
800 C:\Windows\System32\services.exe
824 C:\Windows\System32\lsass.exe
832 C:\Windows\System32\lsm.exe
940 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\nvvsvc.exe
528 C:\Windows\System32\svchost.exe
608 C:\Windows\System32\svchost.exe
668 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1320 C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
1360 C:\Windows\System32\winlogon.exe
1452 C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
1548 WUDFHost.exe
1652 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
1832 C:\Windows\System32\wlanext.exe
1840 C:\Windows\System32\conhost.exe
1880 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
1956 C:\Windows\System32\spoolsv.exe
1988 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
2008 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
2028 C:\Windows\System32\svchost.exe
1272 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1484 C:\Windows\System32\svchost.exe
2120 C:\Windows\System32\nvvsvc.exe
2148 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2332 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
2360 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2396 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2424 C:\Windows\System32\svchost.exe
2484 C:\Program Files\FRITZ!Fernzugang\avmike.exe
2508 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2516 C:\Windows\System32\conhost.exe
2576 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2636 C:\Program Files\FRITZ!Fernzugang\certsrv.exe
2664 C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
2716 C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
2740 C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2896 C:\Program Files\ShrewSoft\VPN Client\iked.exe
2928 C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2976 C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008EXPRESS\MSSQL\Binn\sqlservr.exe
3008 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1148 C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
1800 C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2272 C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
1672 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2880 C:\Windows\System32\WerFault.exe
3196 C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008EXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
3328 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3360 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3388 C:\Windows\System32\svchost.exe
3444 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
3504 C:\Windows\SysWOW64\vmnat.exe
3532 C:\Windows\System32\svchost.exe
3560 C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
3580 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
3608 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3716 C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
3836 C:\Windows\SysWOW64\vmnetdhcp.exe
3900 C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008EXPRESS\MSSQL\Binn\fdlauncher.exe
4252 C:\Windows\System32\svchost.exe
4288 C:\Windows\System32\svchost.exe
4360 C:\Windows\System32\svchost.exe
4460 C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008EXPRESS\MSSQL\Binn\fdhost.exe
4508 conhost.exe
4684 WmiPrvSE.exe
4156 C:\Program Files\Windows Media Player\wmpnetwk.exe
3728 C:\Windows\System32\SearchIndexer.exe
4128 C:\Windows\servicing\TrustedInstaller.exe
4660 C:\Windows\System32\taskhost.exe
3876 C:\Windows\System32\dwm.exe
3064 C:\Windows\explorer.exe
3760 C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
2908 C:\Windows\System32\rundll32.exe
688 C:\Program Files\IDT\WDM\sttray64.exe
3688 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
1056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1052 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2300 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
4636 C:\Program Files\Logitech\SetPointP\SetPoint.exe
2108 C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
4876 C:\Program Files (x86)\STAMPIT\Binary\STRAY.EXE
2228 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
3800 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
3028 C:\Windows\System32\audiodg.exe
4708 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
5216 C:\Program Files (x86)\Skype\Phone\Skype.exe
5260 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
5276 C:\Program Files (x86)\ICQ7.0\ICQ.exe
5360 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
5388 C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
5464 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5536 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
5712 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5736 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
5776 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
5796 C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
5812 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
5652 C:\Windows\Samsung\PanelMgr\caller64.exe
2268 C:\Program Files (x86)\NetSetMan\netsetman.exe
5432 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
6748 C:\Windows\System32\svchost.exe
6844 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
7792 C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
7604 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
7044 C:\Windows\System32\SearchProtocolHost.exe
8084 C:\Windows\System32\SearchFilterHost.exe
3668 MpCmdRun.exe
4452 dllhost.exe
3732 dllhost.exe
4628 C:\Users\**meinName**\Downloads\MBRCheck.exe
7800 C:\Windows\System32\conhost.exe
6676 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000032`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000005a`06500000 (NTFS)

PhysicalDrive0 Model Number: ôø€ÿÿ

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 24.01.2011 09:22
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

MikeJ 09.02.2011 21:05
Hi,

sorry, dass ich mich erst jetzt wieder melde - meine aktuellen Arbeitszeiten sind nicht gerade "Benutzerfreundlich" :-)

Den letzten Scann konnte ich mangels Zeit noch nicht ausführen, jedoch ist mir aufgefallen, das mein Problem seit beginn der "Säuberungsaktion" nicht mehr aufgetreten ist.
Allerdings bin ich auch seit diesem Zeitpunkt nicht mehr im Büro gewesen, was heißt:
- Notebook nicht mehr an Docking-Station
- keine Externe Tastatur mehr
- andere Maus
- plus weitere Peripherie die "fehlt"

Wenn sich nicht´s ändert komme ich ende Februar wieder ins Büro - dann werde ich sehen ob´s wirklich behoben ist, oder ob´s an der Peripherie liegt.

Ich werde auf jeden Fall berichten.
Bis dahin schon mal vielen Dank für die geleistete Hilfe!

Gruß Mike


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19