Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Nach vermeindlichen Java-Update: Dokumente aus Ordnern gelöscht? (https://www.trojaner-board.de/122756-vermeindlichen-java-update-dokumente-ordnern-geloescht.html)

relfiewz 25.08.2012 11:53
Nach vermeindlichen Java-Update: Dokumente aus Ordnern gelöscht?
 
Hallo Forengemeinde,

ich habe leider im Thema "Anleitungen, FAQs & Links" keine Beschreibung gefunden, welche exakt auf das vorliegende Problem passt, daher hoffe ich, dass mir jemand anhand der Logfiles weiterhelfen kann. Meine liebe Mutter hat diese Woche versucht irgendein vermeindliches Java-Update zu installieren. Anschließend (nach einem Neustart) waren jedoch alle ihre Datein aus ihren Ordnern gelöscht, welche sie direkt auf dem Desktop angelegt hat. In der Folge hat sie (leider) noch selbst versucht da etwas wieder herzustellen, indem sie u.a. die Daten aus dem Papierkorb wiederhergestellt und mit Avira einen Scan ausgeführt hat. Die erhofften Dokumente sind aber weiterhin nicht sichtbar. Ich war dabei selbst nicht anwesend und kann daher nicht genauer beschreiben, welche Meldungen erschienen sind und was evtl. noch gelaufen ist. Das erschwert mir auch etwas die Suche noch vergleichbaren Problemen.

Dummerweise ist das letzte Backup, welches ich für sie erstellt habe vom Mai diesen Jahres, daher hoffe ich, dass man evtl. noch irgendwie die Daten retten kann. Das Bereinigen des Systems wäre für mich sekundär, da ich vermute, dass eine Neuinstallation weniger zeitaufwendig wäre.

Nun aber zu den Logfiles etc., die Anleitung habe ich abgearbeitet, denke ich:

OTL Logfile:
Code:
OTL logfile created on: 25.08.2012 11:46:02 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,11% Memory free
3,75 Gb Paging File | 2,73 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 3,28 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
Drive D: | 119,65 Gb Total Space | 119,16 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
Drive E: | 262,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC_AE | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.25 11:45:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012.08.08 09:08:29 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:56:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:56:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.11.20 16:55:51 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009.06.23 17:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Annette\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2008.11.03 14:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 08:57:49 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
MOD - [2012.06.14 08:53:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 08:53:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:53:05 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 09:31:53 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 09:31:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 09:31:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 09:31:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.15 11:48:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 09:56:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 09:56:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 09:56:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 09:56:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.13 12:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 F0 A5 37 F4 69 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{836EE462-DFDA-4CC8-AD48-06002121558A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2C7DE87B-3D20-46D5-95B4-0F3E02162D41&apn_sauid=DEB8C006-48DD-4664-B3BF-0C9B8960B199&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.22 13:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.22 13:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annette\AppData\Roaming\mozilla\Extensions
[2012.04.02 09:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.02 09:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Zoicdir] C:\Users\Annette\AppData\Roaming\Bagiag\edbir.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91EE7D34-39F4-4768-9A82-39E972692B53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Filter\x-sdch - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.25 11:45:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.25 11:04:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.23 08:15:33 | 000,000,000 | ---D | C] -- D:\Desktop\SAB
[2012.08.23 08:15:33 | 000,000,000 | ---D | C] -- D:\Desktop\Finanzamt
[2012.08.22 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Zuihit
[2012.08.22 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Noyvpo
[2012.08.22 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Bagiag
[2012.08.21 08:23:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.25 11:48:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.25 11:45:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.25 11:44:17 | 000,000,000 | ---- | M] () -- C:\Users\Annette\defogger_reenable
[2012.08.25 11:39:45 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 11:39:45 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 11:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.25 11:32:16 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.21 08:23:47 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.08.15 15:28:09 | 000,301,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.01 08:32:15 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 08:32:15 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 08:32:15 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 08:32:15 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 08:32:15 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012.08.25 11:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Annette\defogger_reenable
 
========== LOP Check ==========
 
[2012.08.25 13:27:32 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Bagiag
[2009.11.13 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Bytemobile
[2012.05.14 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Canon
[2009.10.18 14:35:17 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Foxit
[2009.11.20 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Foxit Software
[2009.11.13 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\HCM Updater
[2009.11.02 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Lexware
[2012.08.22 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Noyvpo
[2009.10.23 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org
[2009.11.20 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\T-Mobile
[2009.11.20 17:29:31 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\T-Mobile Internet Manager
[2012.08.23 08:44:12 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Zuihit
[2012.06.01 09:26:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 25.08.2012 11:46:02 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,11% Memory free
3,75 Gb Paging File | 2,73 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 3,28 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
Drive D: | 119,65 Gb Total Space | 119,16 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
Drive E: | 262,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC_AE | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099D9A07-22C0-4F1B-BEAB-4DE9AFD46D5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A9D5FD5-7615-4B2F-AED0-589E4A343EA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{273849AD-62A5-43A6-8B3E-0A9EA4009999}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4735883E-3197-493E-84D7-A2B0CE6A2E3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54128BAC-177E-4D0F-BA70-41DE138D33A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{563291E6-D5A7-4858-A582-9BF325ABE359}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C72DD9E-E25B-479A-8EA4-C05395A97153}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D5B2965-7C06-4B4B-A026-41DE2E2399E3}" = lport=138 | protocol=17 | dir=in | app=system |
"{929E708F-5D4D-41BC-A6B5-2379EFBA68C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{943A908E-02F7-40DC-B254-CAA94FE12959}" = rport=139 | protocol=6 | dir=out | app=system |
"{B78314E7-B5EE-4396-A802-F7B926FC4AD0}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6739EB1-21EC-4806-97E5-D8FF81D955C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7E0C6FA-45BA-498F-ADF0-475BC23511AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4EAB5CD-21B5-4998-8C29-37163FADD486}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E7BFB3C-D9F1-4829-BF73-E2803D732AD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7B26F70-5E50-4E7D-AADE-2B0FB276B085}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EAC36FE9-EFF0-4DB5-ADD2-08296C47C701}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4855723-025E-4D83-8037-50DD260D25B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{10E89117-A381-4224-A243-C25FE10399E6}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=6 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
"TCP Query User{1F26F0BE-8C81-45B8-BAB7-635A3017ABAB}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=6 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
"UDP Query User{00F1FE67-7983-4522-9545-BB8CA04658D0}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=17 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
"UDP Query User{9BA463FF-3A53-46EF-A976-C27D1C8460EB}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=17 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5E0FB219-2A76-448B-997D-4308C4288026}" = Lexware büro easy 2010
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8940A440-4D53-4CCF-B9AE-5D59FB71DDF6}" = Lexware reisekosten 2009
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{A076D6DF-2D6F-4c50-B032-700A924AA6D1}" = Lexware Abschreibungsrechner
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBBA2B9E-22BA-4ab4-8DA9-8C1FE5861485}" = Lexware Zeiterfassung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"T-Mobile Internet Manager" = T-Mobile Internet Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 04:41:20 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.06.2012 04:42:09 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.06.2012 04:42:11 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 25.06.2012 07:23:05 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67dee281
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd52c348717ea9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 21cc96fb-beb8-11e1-b8cd-00241d8ac4bc
 
Error - 25.06.2012 07:23:13 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x67dee281
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd52c348717ea9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 266d87b5-beb8-11e1-b8cd-00241d8ac4bc
 
Error - 27.06.2012 09:39:25 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x66f78c6d
ID
 des fehlerhaften Prozesses: 0x8b0  Startzeit der fehlerhaften Anwendung: 0x01cd546948e4c2b1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 81ec3f02-c05d-11e1-aa67-00241d8ac4bc
 
Error - 27.06.2012 09:39:30 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x66f78c6d
ID
 des fehlerhaften Prozesses: 0x8b0  Startzeit der fehlerhaften Anwendung: 0x01cd546948e4c2b1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 851ba33e-c05d-11e1-aa67-00241d8ac4bc
 
Error - 28.06.2012 03:59:14 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6915e281
ID
 des fehlerhaften Prozesses: 0xb9c  Startzeit der fehlerhaften Anwendung: 0x01cd54fed608f1e2
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 26d029c7-c0f7-11e1-b71c-00241d8ac4bc
 
Error - 28.06.2012 03:59:20 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x6915e281
ID
 des fehlerhaften Prozesses: 0xb9c  Startzeit der fehlerhaften Anwendung: 0x01cd54fed608f1e2
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 2a19c7e1-c0f7-11e1-b71c-00241d8ac4bc
 
Error - 07.08.2012 04:31:20 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6891e281
ID
 des fehlerhaften Prozesses: 0x23c  Startzeit der fehlerhaften Anwendung: 0x01cd7474cb8f2d2c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 43104785-e06a-11e1-b435-00241d8ac4bc
 
Error - 07.08.2012 04:31:30 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x6891e281
ID
 des fehlerhaften Prozesses: 0x23c  Startzeit der fehlerhaften Anwendung: 0x01cd7474cb8f2d2c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 49599ad3-e06a-11e1-b435-00241d8ac4bc
 
[ Media Center Events ]
Error - 14.05.2012 06:28:23 | Computer Name = PC_AE | Source = MCUpdate | ID = 0
Description = 12:28:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..) 
 
[ System Events ]
Error - 23.08.2012 04:26:37 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:28:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:29:38 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:31:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:32:38 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:34:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:35:39 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:37:09 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:38:39 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:40:09 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
 
< End of report >
--- --- ---


Es handelt sich um ein 64bit BS, daher kein Gmer.txt. Insofern die Logs von Avira und Kasparsky noch von Interesse sind, kann ich diese natürlich noch nachliefern. Ich hoffe, dass ich soweit alles halbwegs richtig aufbereitet habe und dass mir jemand von Euch weiterhelfen kann.

kira 28.08.2012 07:38
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.
Zitat:
-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!
  • Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
  • Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
  • StartAlle ProgrammeZubehörSystemprogrammeSystemwiederherstellung
->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
-> Systemwiederherstellung unter Windows Vista
-> Systemwiederherstellung unter Win 7
->Systemwiederherstellung: Häufig gestellte Fragen Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)
Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

** Achtung!:
Auch nach Systemwiederherstellung können noch (Viren) Probleme auftreten. Daher ich würde noch eine gründliche Systemreinigung und Systemupdate vorschlagen. Also führe die folgenden Schritte in der angegebenen Reihenfolge aus:

2.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malwarevon hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.

    http://image.hijackthis.eu/upload/otl_screen_neu.jpg
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

relfiewz 28.08.2012 09:28
Es existiert leider kein Systemwiederherstellungspunkt, der weiterhelfen könnte.

MBAM hat nichts gefunden:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Annette :: PC_AE [Administrator]

28.08.2012 09:20:33
mbam-log-2012-08-28 (09-20-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332746
Laufzeit: 44 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL und Extras:
Code:
OTL logfile created on: 28.08.2012 10:08:31 - Run 2
OTL by OldTimer - Version 3.2.58.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,05% Memory free
3,75 Gb Paging File | 2,62 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 3,29 Gb Free Space | 11,22% Space Free | Partition Type: NTFS
Drive D: | 119,65 Gb Total Space | 119,15 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
 
Computer Name: PC_AE | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.25 11:45:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012.08.08 09:08:29 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:56:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:56:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.11.20 16:55:51 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009.06.23 17:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Annette\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2008.11.03 14:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 08:57:49 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
MOD - [2012.06.14 08:53:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 08:53:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:53:05 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 09:31:53 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 09:31:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 09:31:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 09:31:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.15 11:48:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 09:56:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 09:56:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 09:56:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 09:56:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.13 12:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 F0 A5 37 F4 69 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{836EE462-DFDA-4CC8-AD48-06002121558A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2C7DE87B-3D20-46D5-95B4-0F3E02162D41&apn_sauid=DEB8C006-48DD-4664-B3BF-0C9B8960B199&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.22 13:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.22 13:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annette\AppData\Roaming\mozilla\Extensions
[2012.04.02 09:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.02 09:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Zoicdir] C:\Users\Annette\AppData\Roaming\Bagiag\edbir.exe File not found
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91EE7D34-39F4-4768-9A82-39E972692B53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Filter\x-sdch - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 09:17:32 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Malwarebytes
[2012.08.28 09:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 09:15:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 09:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.28 09:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 09:11:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.25 11:45:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.25 11:04:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.23 08:15:33 | 000,000,000 | ---D | C] -- D:\Desktop\SAB
[2012.08.23 08:15:33 | 000,000,000 | ---D | C] -- D:\Desktop\Finanzamt
[2012.08.22 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Zuihit
[2012.08.22 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Noyvpo
[2012.08.22 14:50:26 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Bagiag
[2012.08.21 08:23:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.15 14:50:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 14:50:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 14:50:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 14:50:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 14:50:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 14:50:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 14:50:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 14:50:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 14:50:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 14:50:26 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 14:50:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 14:50:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 14:50:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 14:25:26 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 14:25:22 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 14:25:22 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 14:25:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 14:25:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 14:25:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 14:25:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 14:25:17 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 09:48:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 09:24:05 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 09:24:05 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 09:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 09:16:37 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 09:15:26 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.28 09:15:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.28 09:15:16 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.28 09:15:16 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.28 09:15:16 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.28 09:15:16 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.28 09:12:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.25 11:45:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.25 11:44:17 | 000,000,000 | ---- | M] () -- C:\Users\Annette\defogger_reenable
[2012.08.21 08:23:47 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.08.15 15:28:09 | 000,301,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 11:48:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:48:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.08.28 09:15:26 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.25 11:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Annette\defogger_reenable
 
========== LOP Check ==========
 
[2012.08.25 13:27:32 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Bagiag
[2009.11.13 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Bytemobile
[2012.05.14 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Canon
[2009.10.18 14:35:17 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Foxit
[2009.11.20 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Foxit Software
[2009.11.13 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\HCM Updater
[2009.11.02 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Lexware
[2012.08.22 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Noyvpo
[2009.10.23 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org
[2009.11.20 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\T-Mobile
[2009.11.20 17:29:31 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\T-Mobile Internet Manager
[2012.08.23 08:44:12 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Zuihit
[2012.06.01 09:26:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 28.08.2012 10:08:31 - Run 2
OTL by OldTimer - Version 3.2.58.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,05% Memory free
3,75 Gb Paging File | 2,62 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 3,29 Gb Free Space | 11,22% Space Free | Partition Type: NTFS
Drive D: | 119,65 Gb Total Space | 119,15 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
 
Computer Name: PC_AE | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099D9A07-22C0-4F1B-BEAB-4DE9AFD46D5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A9D5FD5-7615-4B2F-AED0-589E4A343EA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{273849AD-62A5-43A6-8B3E-0A9EA4009999}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4735883E-3197-493E-84D7-A2B0CE6A2E3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54128BAC-177E-4D0F-BA70-41DE138D33A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{563291E6-D5A7-4858-A582-9BF325ABE359}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C72DD9E-E25B-479A-8EA4-C05395A97153}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D5B2965-7C06-4B4B-A026-41DE2E2399E3}" = lport=138 | protocol=17 | dir=in | app=system |
"{929E708F-5D4D-41BC-A6B5-2379EFBA68C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{943A908E-02F7-40DC-B254-CAA94FE12959}" = rport=139 | protocol=6 | dir=out | app=system |
"{B78314E7-B5EE-4396-A802-F7B926FC4AD0}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6739EB1-21EC-4806-97E5-D8FF81D955C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7E0C6FA-45BA-498F-ADF0-475BC23511AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4EAB5CD-21B5-4998-8C29-37163FADD486}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E7BFB3C-D9F1-4829-BF73-E2803D732AD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7B26F70-5E50-4E7D-AADE-2B0FB276B085}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EAC36FE9-EFF0-4DB5-ADD2-08296C47C701}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4855723-025E-4D83-8037-50DD260D25B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{10E89117-A381-4224-A243-C25FE10399E6}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=6 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
"TCP Query User{1F26F0BE-8C81-45B8-BAB7-635A3017ABAB}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=6 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
"UDP Query User{00F1FE67-7983-4522-9545-BB8CA04658D0}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=17 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
"UDP Query User{9BA463FF-3A53-46EF-A976-C27D1C8460EB}C:\users\annette\appdata\roaming\bagiag\edbir.exe" = protocol=17 | dir=in | app=c:\users\annette\appdata\roaming\bagiag\edbir.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5E0FB219-2A76-448B-997D-4308C4288026}" = Lexware büro easy 2010
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8940A440-4D53-4CCF-B9AE-5D59FB71DDF6}" = Lexware reisekosten 2009
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{A076D6DF-2D6F-4c50-B032-700A924AA6D1}" = Lexware Abschreibungsrechner
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBBA2B9E-22BA-4ab4-8DA9-8C1FE5861485}" = Lexware Zeiterfassung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"T-Mobile Internet Manager" = T-Mobile Internet Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 04:41:20 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.06.2012 04:42:09 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.06.2012 04:42:11 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 25.06.2012 07:23:05 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67dee281
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd52c348717ea9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 21cc96fb-beb8-11e1-b8cd-00241d8ac4bc
 
Error - 25.06.2012 07:23:13 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x67dee281
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd52c348717ea9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 266d87b5-beb8-11e1-b8cd-00241d8ac4bc
 
Error - 27.06.2012 09:39:25 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x66f78c6d
ID
 des fehlerhaften Prozesses: 0x8b0  Startzeit der fehlerhaften Anwendung: 0x01cd546948e4c2b1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 81ec3f02-c05d-11e1-aa67-00241d8ac4bc
 
Error - 27.06.2012 09:39:30 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x66f78c6d
ID
 des fehlerhaften Prozesses: 0x8b0  Startzeit der fehlerhaften Anwendung: 0x01cd546948e4c2b1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 851ba33e-c05d-11e1-aa67-00241d8ac4bc
 
Error - 28.06.2012 03:59:14 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6915e281
ID
 des fehlerhaften Prozesses: 0xb9c  Startzeit der fehlerhaften Anwendung: 0x01cd54fed608f1e2
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 26d029c7-c0f7-11e1-b71c-00241d8ac4bc
 
Error - 28.06.2012 03:59:20 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x6915e281
ID
 des fehlerhaften Prozesses: 0xb9c  Startzeit der fehlerhaften Anwendung: 0x01cd54fed608f1e2
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 2a19c7e1-c0f7-11e1-b71c-00241d8ac4bc
 
Error - 07.08.2012 04:31:20 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6891e281
ID
 des fehlerhaften Prozesses: 0x23c  Startzeit der fehlerhaften Anwendung: 0x01cd7474cb8f2d2c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 43104785-e06a-11e1-b435-00241d8ac4bc
 
Error - 07.08.2012 04:31:30 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x6891e281
ID
 des fehlerhaften Prozesses: 0x23c  Startzeit der fehlerhaften Anwendung: 0x01cd7474cb8f2d2c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 49599ad3-e06a-11e1-b435-00241d8ac4bc
 
[ Media Center Events ]
Error - 14.05.2012 06:28:23 | Computer Name = PC_AE | Source = MCUpdate | ID = 0
Description = 12:28:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..) 
 
[ System Events ]
Error - 23.08.2012 04:26:37 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:28:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:29:38 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:31:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:32:38 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:34:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:35:39 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:37:09 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:38:39 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:40:09 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
 
< End of report >
Liste der installierten Programme
Code:
7-Zip 4.65 (x64 edition)        Igor Pavlov        18.10.2009        3,98MB        4.65.00.0
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        15.08.2012        6,00MB        11.3.300.271
Adobe Reader 9.5.2 - Deutsch        Adobe Systems Incorporated        21.08.2012        118MB        9.5.2
Avira Free Antivirus        Avira        08.08.2012        105MB        12.0.0.1167
Canon MP Navigator EX 2.1                14.05.2012               
Canon MX330 series MP Drivers                02.11.2009               
CCleaner        Piriform        22.08.2012                3.22
Google Toolbar for Internet Explorer        Google Inc.        11.12.2009               
Japanese Fonts Support For Adobe Reader 9        Adobe Systems Incorporated        05.01.2011        16,4MB        9.0.0
Java(TM) 6 Update 18        Sun Microsystems, Inc.        07.07.2010        97,1MB        6.0.180
Java(TM) 6 Update 31        Oracle        02.04.2012        95,1MB        6.0.310
Lexware Abschreibungsrechner        Lexware GmbH & Co. KG        02.11.2009        45,6MB        8.00.04.0003
Lexware büro easy 2010        Lexware GmbH & Co. KG        05.07.2010        641MB        22.20.04.0071
Lexware Elster        Lexware GmbH & Co. KG        02.11.2009        107MB        8.10.00.0017
Lexware Info Service        Lexware GmbH & Co. KG        02.11.2009        10,6MB        2.61.00.0033
Lexware online banking        Lexware GmbH & Co. KG        02.11.2009        40,3MB        8.00.00.0067
Lexware reisekosten 2009        Lexware        02.11.2009                16.00.00.0050
Lexware Zeiterfassung        Lexware GmbH & Co. KG        02.11.2009        27,9MB        22.00.04.0005
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        28.08.2012        18,7MB        1.62.0.1300
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        20.12.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        20.12.2010        2,93MB        4.0.30319
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        02.11.2009        428KB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        07.07.2010        2,52MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218        Microsoft Corporation        07.07.2010        600KB        9.0.21022.218
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        31.10.2011        11,1MB        10.0.40219
Mozilla Firefox 6.0 (x86 de)        Mozilla        22.08.2011        32,5MB        6.0
OpenOffice.org 3.2        OpenOffice.org        04.03.2011        364MB        3.2.9502
RENESIS® Player Browser Plugins        examotion® GmbH        02.11.2009        1,83MB        1.1.1
T-Mobile Internet Manager        T-Mobile D        20.11.2009                11.301.05.17.55

kira 28.08.2012 14:09
wurde auch schon das Tool von Kaspersky eingesetzt?:
C:\Kaspersky Rescue Disk

Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{836EE462-DFDA-4CC8-AD48-06002121558A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2C7DE87B-3D20-46D5-95B4-0F3E02162D41&apn_sauid=DEB8C006-48DD-4664-B3BF-0C9B8960B199&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKCU..\Run: [Zoicdir] C:\Users\Annette\AppData\Roaming\Bagiag\edbir.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\Shell - "" = AutoRun
O33 - MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{10E89117-A381-4224-A243-C25FE10399E6}C:\users\annette\appdata\roaming\bagiag\edbir.exe" =-
"TCP Query User{1F26F0BE-8C81-45B8-BAB7-635A3017ABAB}C:\users\annette\appdata\roaming\bagiag\edbir.exe" =-
"UDP Query User{00F1FE67-7983-4522-9545-BB8CA04658D0}C:\users\annette\appdata\roaming\bagiag\edbir.exe" =-
"UDP Query User{9BA463FF-3A53-46EF-A976-C27D1C8460EB}C:\users\annette\appdata\roaming\bagiag\edbir.exe" =-

:Files
C:\Users\Annette\AppData\Roaming\Zuihit
C:\Users\Annette\AppData\Roaming\Noyvpo
C:\Users\Annette\AppData\Roaming\Bagiag
ipconfig /flushdns /c

:Commands
[purity]
[REBOOT]

2.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

relfiewz 28.08.2012 14:22
Zitat:
Zitat von kira (Beitrag 902008)
wurde auch schon das Tool von Kaspersky eingesetzt?:
C:\Kaspersky Rescue Disk

...
Ja, wie eingangs kurz erwähnt, habe ich vor meiner Fragestellung hier im Forum Avira und Kaspersky im Einsatz gehabt. Letzters habe ich über eine SARDU-Multiboot-DVD oder die klassische Rescue Disk, da bin ich mir gerade nicht ganz sicher, ausgeführt.

Soll ich davon erst noch die Logdateien posten, oder fortfahren, wie Du im Post zuvor beschrieben hast?

kira 28.08.2012 15:01
Zitat:
Soll ich davon erst noch die Logdateien posten, oder fortfahren, wie Du im Post zuvor beschrieben hast?
nein, das kannst auch wenn alles fertig mir später posten

relfiewz 28.08.2012 18:10
Ok, hab' die nächsten Schritte ausgeführt:

Nach dem Fix mit OTL und dem damit verbundenen Neustart konnte ich aber das fragliche Textdokument nicht ausmachen. Wie soll der Dateiname denn sein? (Was mir an dieser Stelle noch aufgefallen ist: das Skript was ich aus der Codebox in OTL eingefügt habe, endet nicht mit: "[emptytemp]" - wie es in dem Anleitungspunkt dazu steht. Keine Ahnung, ob das fehlende Textdokument evtl. daraus resultiert.)

Anbei noch die OTL.txt und Extras.txt

Code:
OTL logfile created on: 28.08.2012 18:42:35 - Run 3
OTL by OldTimer - Version 3.2.58.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,84% Memory free
3,75 Gb Paging File | 2,89 Gb Available in Paging File | 77,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 3,29 Gb Free Space | 11,23% Space Free | Partition Type: NTFS
Drive D: | 119,65 Gb Total Space | 119,15 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
 
Computer Name: PC_AE | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.25 11:45:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012.08.08 09:08:29 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:56:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:56:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.11.20 16:55:51 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009.06.23 17:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Annette\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2008.11.03 14:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2008.08.25 09:00:51 | 001,340,712 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 08:57:49 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
MOD - [2012.06.14 08:53:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 08:53:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:53:05 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 09:31:53 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 09:31:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 09:31:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 09:31:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.15 11:48:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 09:56:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 09:56:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 09:56:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 09:56:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.13 12:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 F0 A5 37 F4 69 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.22 13:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.22 13:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annette\AppData\Roaming\mozilla\Extensions
[2012.04.02 09:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.02 09:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91EE7D34-39F4-4768-9A82-39E972692B53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Filter\x-sdch - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 10:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.28 10:15:33 | 003,927,560 | ---- | C] (Piriform Ltd) -- D:\Desktop\ccsetup322.exe
[2012.08.28 09:17:32 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Malwarebytes
[2012.08.28 09:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 09:15:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 09:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.28 09:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 09:11:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.25 11:45:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.25 11:04:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.23 08:15:33 | 000,000,000 | ---D | C] -- D:\Desktop\SAB
[2012.08.23 08:15:33 | 000,000,000 | ---D | C] -- D:\Desktop\Finanzamt
[2012.08.21 08:23:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.15 14:50:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 14:50:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 14:50:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 14:50:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 14:50:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 14:50:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 14:50:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 14:50:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 14:50:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 14:50:26 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 14:50:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 14:50:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 14:50:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 14:25:26 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 14:25:22 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 14:25:22 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 14:25:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 14:25:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 14:25:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 14:25:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 14:25:17 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 18:44:18 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 18:44:18 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 18:36:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 18:36:46 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 10:25:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.28 10:25:40 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.28 10:25:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.28 10:25:40 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.28 10:25:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.28 10:16:35 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.28 09:48:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 09:15:26 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.28 09:12:36 | 003,927,560 | ---- | M] (Piriform Ltd) -- D:\Desktop\ccsetup322.exe
[2012.08.28 09:12:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.25 11:45:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.25 11:44:17 | 000,000,000 | ---- | M] () -- C:\Users\Annette\defogger_reenable
[2012.08.21 08:23:47 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.08.15 15:28:09 | 000,301,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 11:48:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:48:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.08.28 10:16:35 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.28 09:15:26 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.25 11:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Annette\defogger_reenable
 
========== LOP Check ==========
 
[2009.11.13 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Bytemobile
[2012.05.14 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Canon
[2009.10.18 14:35:17 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Foxit
[2009.11.20 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Foxit Software
[2009.11.13 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\HCM Updater
[2009.11.02 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Lexware
[2009.10.23 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org
[2009.11.20 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\T-Mobile
[2009.11.20 17:29:31 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\T-Mobile Internet Manager
[2012.06.01 09:26:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 28.08.2012 18:42:35 - Run 3
OTL by OldTimer - Version 3.2.58.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,84% Memory free
3,75 Gb Paging File | 2,89 Gb Available in Paging File | 77,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 3,29 Gb Free Space | 11,23% Space Free | Partition Type: NTFS
Drive D: | 119,65 Gb Total Space | 119,15 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
 
Computer Name: PC_AE | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099D9A07-22C0-4F1B-BEAB-4DE9AFD46D5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A9D5FD5-7615-4B2F-AED0-589E4A343EA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{273849AD-62A5-43A6-8B3E-0A9EA4009999}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4735883E-3197-493E-84D7-A2B0CE6A2E3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54128BAC-177E-4D0F-BA70-41DE138D33A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{563291E6-D5A7-4858-A582-9BF325ABE359}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C72DD9E-E25B-479A-8EA4-C05395A97153}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D5B2965-7C06-4B4B-A026-41DE2E2399E3}" = lport=138 | protocol=17 | dir=in | app=system |
"{929E708F-5D4D-41BC-A6B5-2379EFBA68C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{943A908E-02F7-40DC-B254-CAA94FE12959}" = rport=139 | protocol=6 | dir=out | app=system |
"{B78314E7-B5EE-4396-A802-F7B926FC4AD0}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6739EB1-21EC-4806-97E5-D8FF81D955C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7E0C6FA-45BA-498F-ADF0-475BC23511AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4EAB5CD-21B5-4998-8C29-37163FADD486}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E7BFB3C-D9F1-4829-BF73-E2803D732AD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7B26F70-5E50-4E7D-AADE-2B0FB276B085}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EAC36FE9-EFF0-4DB5-ADD2-08296C47C701}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4855723-025E-4D83-8037-50DD260D25B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5E0FB219-2A76-448B-997D-4308C4288026}" = Lexware büro easy 2010
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8940A440-4D53-4CCF-B9AE-5D59FB71DDF6}" = Lexware reisekosten 2009
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{A076D6DF-2D6F-4c50-B032-700A924AA6D1}" = Lexware Abschreibungsrechner
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBBA2B9E-22BA-4ab4-8DA9-8C1FE5861485}" = Lexware Zeiterfassung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"T-Mobile Internet Manager" = T-Mobile Internet Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 04:41:20 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.06.2012 04:42:09 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.06.2012 04:42:11 | Computer Name = PC_AE | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 25.06.2012 07:23:05 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67dee281
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd52c348717ea9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 21cc96fb-beb8-11e1-b8cd-00241d8ac4bc
 
Error - 25.06.2012 07:23:13 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x67dee281
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd52c348717ea9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 266d87b5-beb8-11e1-b8cd-00241d8ac4bc
 
Error - 27.06.2012 09:39:25 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x66f78c6d
ID
 des fehlerhaften Prozesses: 0x8b0  Startzeit der fehlerhaften Anwendung: 0x01cd546948e4c2b1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 81ec3f02-c05d-11e1-aa67-00241d8ac4bc
 
Error - 27.06.2012 09:39:30 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x66f78c6d
ID
 des fehlerhaften Prozesses: 0x8b0  Startzeit der fehlerhaften Anwendung: 0x01cd546948e4c2b1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 851ba33e-c05d-11e1-aa67-00241d8ac4bc
 
Error - 28.06.2012 03:59:14 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6915e281
ID
 des fehlerhaften Prozesses: 0xb9c  Startzeit der fehlerhaften Anwendung: 0x01cd54fed608f1e2
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 26d029c7-c0f7-11e1-b71c-00241d8ac4bc
 
Error - 28.06.2012 03:59:20 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x6915e281
ID
 des fehlerhaften Prozesses: 0xb9c  Startzeit der fehlerhaften Anwendung: 0x01cd54fed608f1e2
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 2a19c7e1-c0f7-11e1-b71c-00241d8ac4bc
 
Error - 07.08.2012 04:31:20 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6891e281
ID
 des fehlerhaften Prozesses: 0x23c  Startzeit der fehlerhaften Anwendung: 0x01cd7474cb8f2d2c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 43104785-e06a-11e1-b435-00241d8ac4bc
 
Error - 07.08.2012 04:31:30 | Computer Name = PC_AE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f71ac4e  Ausnahmecode: 0xc000041d  Fehleroffset: 0x6891e281
ID
 des fehlerhaften Prozesses: 0x23c  Startzeit der fehlerhaften Anwendung: 0x01cd7474cb8f2d2c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: AcroRd32.dll  Berichtskennung: 49599ad3-e06a-11e1-b435-00241d8ac4bc
 
[ Media Center Events ]
Error - 14.05.2012 06:28:23 | Computer Name = PC_AE | Source = MCUpdate | ID = 0
Description = 12:28:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..) 
 
[ System Events ]
Error - 23.08.2012 04:28:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:29:38 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:31:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:32:38 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:34:08 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:35:39 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:37:09 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:38:39 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 23.08.2012 04:40:09 | Computer Name = PC_AE | Source = bowser | ID = 8003
Description =
 
Error - 28.08.2012 12:12:30 | Computer Name = PC_AE | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
Zwischenstand: die vermissten Daten sind leider weiterhin nicht in Sicht.

Im Anhang noch der gepackte report Ordner aus C:\Kaspersky Rescue Disk - ich wusste nicht welches konkrete File da von Interesse sein könnte. Bei Avira hab' ich gar keinen Plan, wo die Logdaten zu finden sein könnten.

kira 28.08.2012 19:24
► Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
C:\_OTL\Moved

Avira Free Antivirus - Funde exportieren

Rechtsklick auf den AntiVir-Schirm in der Taskleiste => Avira Free Antivirus starten => Verwaltung => Ereignisse
Links bei Filter nur "Fund" anhaken.
Jeden Fund markieren (nicht alle Ereignisse, nur Funde) => Rechtsklick auf Funde => Ereignis(se) exportieren
und als Ereignisse.txt auf dem Desktop speichern und den Inhalt hier posten.
Wenn komplette Scanergebnis von Antivir vorliegt bzw spechert hast, auch posten!

► ihr könnt noch hiermit versuchen:
Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
danach wieder rückgängig machen!

relfiewz 28.08.2012 21:28
Das Einblenden von versteckten Dateien etc. habe ich versucht, leider auch kein Erfolg.

08282012_183552:
Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{836EE462-DFDA-4CC8-AD48-06002121558A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{836EE462-DFDA-4CC8-AD48-06002121558A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zoicdir deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e3c583b-9564-11df-b322-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e3c583b-9564-11df-b322-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e3c583b-9564-11df-b322-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50b70ae8-d5e5-11de-9f34-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50b70aeb-d5e5-11de-9f34-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532959fb-d024-11de-ab6f-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532959fb-d024-11de-ab6f-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532959fb-d024-11de-ab6f-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53295a00-d024-11de-ab6f-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53295a00-d024-11de-ab6f-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53295a00-d024-11de-ab6f-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f3912f-d5a5-11de-94da-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2223ce1-7cfd-11df-808c-00241d8ac4bc}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\AutoRun.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{10E89117-A381-4224-A243-C25FE10399E6}C:\users\annette\appdata\roaming\bagiag\edbir.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1F26F0BE-8C81-45B8-BAB7-635A3017ABAB}C:\users\annette\appdata\roaming\bagiag\edbir.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{00F1FE67-7983-4522-9545-BB8CA04658D0}C:\users\annette\appdata\roaming\bagiag\edbir.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9BA463FF-3A53-46EF-A976-C27D1C8460EB}C:\users\annette\appdata\roaming\bagiag\edbir.exe deleted successfully.
========== FILES ==========
C:\Users\Annette\AppData\Roaming\Zuihit folder moved successfully.
C:\Users\Annette\AppData\Roaming\Noyvpo folder moved successfully.
C:\Users\Annette\AppData\Roaming\Bagiag folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
D:\Desktop\cmd.bat deleted successfully.
D:\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.58.1 log created on 08282012_183552
Avira-Fund-Export: (es gab nur einen)
Code:
Exportierte Ereignisse:

23.08.2012 10:40 [System Scanner] Malware gefunden
      Die Datei
      'C:\Users\Annette\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\bd9a54e-7114
      6ca5'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/JAVA.Ternub.Gen'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55fd4346.qua'
      verschoben!

kira 29.08.2012 07:56
für einen Versuch wert:
-> Daten wiederherstellen mit ShadowExplorer

-> Systemabbild
-> Was ist ein Systemabbild?
-> Wiederherstellen des Computers von einer Systemabbildsicherung

relfiewz 29.08.2012 19:26
Vielen lieben Dank für Deine Mühen kira, leider haben auch die letzten Versuche keinen Erfolg gebracht und ich hab mich nun entschieden die Daten abzuschreiben und den Rechner nochmals sauber aufzusetzen.

kira 30.08.2012 12:26
ein Tipp habe nocht, vlt bring Erfolg:
Zitat:
Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:
  • Lade Dir Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) herunter und speichere auf deinem Desktop
    für Windows 7 und Vista mit Rechtsklick als Administrator ausführen
  • Doppelklick auf das Unhide.exe Icon auf dem Desktop - Alles braucht seine Zeit, also ein bisschen Geduld
<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131