Trojaner-Board


bodobob 01.09.2011 19:43

How do I rewrite the MBR on Vista after BKA Winlock and format the free blocks on the HD?
 
Hello,
(I hope I have landed in the right section; otherwise please move this.)
On 28.8.11 I caught a BKA Winlock and removed it with the rescue CD from DR.Web after about 60 hours of scanning (so TODAY :pfeiff:); the AVIRA rescue CD found nothing at first after 6 hours.

Now I would like to make reasonably sure that the stuff has been overwritten, without necessarily having to reinstall Vista from scratch.

Under XP I still knew how: boot into "Safe Mode with Command Prompt", then somehow "fixmbr" and then something else (it was a while ago and I have almost forgotten). Then overwrite or format the free area with a tool like Defraggler.

:glaskugel:On Vista, unfortunately, I found nothing of the kind at the command prompt.
For safety's sake I am currently writing from the old XP machine (dust, cough).
Or do you have a newer "roundabout" for after a (boot) virus?


Regards
bodobob
h.w.

kira 02.09.2011 05:55

Hello and welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for the resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete such information (e.g. your real name, serial numbers in programs, etc.) from the log lists or log files used, or replace it with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that effective technical cleaning is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all detections (if MBAM reports any in C:\System Volume Information, please remove the tick for those) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
Install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary, set "german" under Options settings
Then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (save as text file)
A text file (*.txt) is created; copy its contents and paste them here

Quote:

To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. hjtsanlist or similar
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards
kira

bodobob 02.09.2011 16:39

Here, first of all, the one from OTL (the infection was on the 2nd user; the scan was done as admin, though):

OTL Logfile:
Code:

OTL logfile created on: 02.09.2011 16:06:38 - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = D:\Users\ii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,58% Memory free
13,16 Gb Paging File | 11,78 Gb Available in Paging File | 89,56% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 43,15 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,69 Gb Free Space | 59,50% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,80 Gb Free Space | 69,00% Space Free | Partition Type: FAT32
Drive L: | 7,47 Gb Total Space | 2,36 Gb Free Space | 31,54% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 522,68 Mb Free Space | 51,09% Space Free | Partition Type: FAT32
 
Computer Name: comp* | User Name: ii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\ii\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\MalwarebytesAnti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\TomTomHOME2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Programme\BisonCam\BsMnt.exe ()
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Programme\Notepad++\NppShell_01.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programme\BisonCam\BsMnt.exe ()
MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- D:\TomTomHOME2\TomTomHOMEService.exe (TomTom)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte)
DRV - (AVerFx2hbtv) -- C:\Windows\System32\drivers\AVerFx2hbtv.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI Corporation)
DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI Corporation)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 32 4A B1 6C 5F CC 01  [binary data]
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M]
 
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.09.02 15:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions
[2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
[2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com
[2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.09.02 15:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MyPoi Monitor] C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Users\ii\Pictures\57260046-gleitschirmflieger.jpg
O24 - Desktop BackupWallPaper: D:\Users\ii\Pictures\57260046-gleitschirmflieger.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.02.02 16:07:20 | 000,000,271 | -HS- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.02 16:03:04 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\ii\Desktop\OTL.exe
[2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\Malwarebytes
[2011.09.02 15:39:13 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.02 15:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware
[2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 15:39:09 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\InstallPad
[2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools
[2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2
[2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\calibre
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.02 16:02:12 | 000,723,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.02 16:02:12 | 000,674,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.02 16:02:12 | 000,131,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.02 16:02:11 | 000,160,622 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.02 15:56:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
[2011.09.02 15:54:35 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011.09.02 15:54:33 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.02 15:54:10 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.02 15:54:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.02 15:54:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.02 15:54:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.02 15:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\ii\AppData\Local\d3d9caps.dat
[2011.09.02 15:45:23 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.09.02 15:39:13 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 15:33:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\ii\Desktop\OTL.exe
[2011.09.01 18:41:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.01 18:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\ii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.08.06 03:36:07 | 000,042,068 | ---- | M] () -- C:\Users\Public\Documents\kontakteE66*****_05082011.csv
[2011.08.06 03:34:39 | 000,042,068 | ---- | M] () -- C:\Users\Public\Documents\kontakteE66******.csv
[2011.08.05 03:13:52 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.08.04 16:54:38 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 15:39:13 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.06 03:36:07 | 000,042,068 | ---- | C] () -- C:\Users\Public\Documents\kontakteE66*****_05082011.csv
[2011.08.06 03:34:38 | 000,042,068 | ---- | C] () -- C:\Users\Public\Documents\kontakteE66*****.csv
[2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\ii\AppData\Local\OwnNote.vnt
[2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\ii\AppData\Roaming\UserTile.png
[2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0041.jpg
[2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0042.jpg
[2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0043.jpg
[2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0044.jpg
[2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0045.jpg
[2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\ii\AppData\Local\housecall.guid.cache
[2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe
[2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\ii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\ii\AppData\Local\d3d9caps.dat
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.01.21 09:15:58 | 000,723,190 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,160,622 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,674,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,131,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8747 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\ii\Documents\Re_ Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM***** - h****@h-*****.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM****** - h***@h-*****.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\ii\Documents\******** in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\ii\Documents\Formular zur Schadenmeldung, H ***-**** .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\ii\Documents\AW_ Empting Kontaktformular BIOS Brennservice.eml:OECustomProperty

< End of report >

--- --- ---

[/code]

and otl-extra
OTL Logfile:
Code:

OTL Extras logfile created on: 02.09.2011 16:06:38 - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = D:\Users\ii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,58% Memory free
13,16 Gb Paging File | 11,78 Gb Available in Paging File | 89,56% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 43,15 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,69 Gb Free Space | 59,50% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,80 Gb Free Space | 69,00% Space Free | Partition Type: FAT32
Drive L: | 7,47 Gb Total Space | 2,36 Gb Free Space | 31,54% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 522,68 Mb Free Space | 51,09% Space Free | Partition Type: FAT32
 
Computer Name: comp* | User Name: ii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [sendtotoys1add] -- C:\Program Files\SendToToys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\SendToToys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\SendToToys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1132503739-529802008-4276434138-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD153E-ABC9-4D1D-B02D-7AA483D575FF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{05108C21-5F10-4660-9785-9E31062633A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{058460DE-836F-42EE-83AB-D7D86F043012}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{0B929043-469B-42BD-AFCA-4F610CF5433E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0BEFFBBD-F3F6-412B-B100-8DE3881C686A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14BCDDB7-930F-4B33-99B2-853127CCD869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CE2363F-CD42-452A-95D2-08BB1401E73F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EF53F87-F7A4-47A0-BED5-7427C675BBEA}" = lport=80 | protocol=6 | dir=in | app=system |
"{1F254634-052C-4E5C-8E2B-3E90338FA69B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1FBEA8B2-EC99-4529-9553-364973E48D3D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{27D45B53-572E-4F87-B1B6-155BA3E89846}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29D9C0C3-3FAF-4161-893F-BBF02BA80600}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{2A8D292A-1CBA-44F0-B647-5CEA310F9F3C}" = rport=1723 | protocol=6 | dir=out | app=system |
"{2BD08FD1-EEA6-43B6-BE00-FED5939BC550}" = lport=445 | protocol=6 | dir=in | app=system |
"{31E7ACC9-9DF1-490C-BAB5-688EF5E80670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4484C1B4-4559-48BD-A5D9-3D1327171609}" = lport=137 | protocol=17 | dir=in | app=system |
"{4519482D-8173-4CBE-9F6B-C69EA2AEDBCF}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{46161930-3601-4F49-A5DA-E07B38B28320}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{4678B9AB-D840-4DD9-96C6-0BE1CDE286DF}" = lport=2178 | protocol=6 | dir=in | app=system |
"{48494A11-6A2C-45DD-BB00-F6C5AFC1816E}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FBED585-FE2C-4F3D-B6C7-C383F4E8F7BC}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{551A8EE4-3437-46D9-8A2A-0F87A0281903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5A8ED024-5B80-4C86-AB3A-B4FC7A85CD00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5EFBFD02-627B-480D-BD70-02BEEE8FB70F}" = lport=443 | protocol=6 | dir=in | app=system |
"{5F87C055-C165-4547-8A8C-AF0C04CB4F53}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{63FFA390-0919-46F6-9792-7558AD37F7B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{6406C504-07B0-4743-AD77-AEF287754416}" = lport=445 | protocol=6 | dir=in | app=system |
"{667285AF-530A-44D3-9A61-8F31F6CB0FA9}" = rport=5358 | protocol=6 | dir=out | app=system |
"{67CD9F97-EBED-438C-931D-9BBD6287F964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{68448D7E-06ED-468C-B63C-09CC640AE162}" = rport=138 | protocol=17 | dir=out | app=system |
"{76116FDB-8392-4850-B620-84BEE0A7E9A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AC00DDD-D5BD-4A96-9852-7C2A44EC805C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7AD4107B-FB47-4CE1-B09E-D1249C549217}" = rport=2178 | protocol=6 | dir=out | app=system |
"{7C6A5727-EE23-448C-AECD-049DC596CA4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D0887A0-43DE-4B05-B177-A4D86A9EA486}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EB9613C-5826-47C2-9C49-ADA46206BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B1EAC4F-DAEE-402F-80AA-26FC121F6E0B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{923DC43A-1F0C-4F70-9721-B664A9180A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{96229ABB-0170-48D7-94BE-6E907D6ADB1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{9DB29835-C9C6-4901-9806-B7E26D075DF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A1DB05B0-7921-4A3F-B7B5-C7E3AD46014A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A4A9A3A1-D4C3-45F8-B5B9-E0A730044EBB}" = lport=1723 | protocol=6 | dir=in | app=system |
"{A7A630DC-461E-4102-B1FC-9411E1823556}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{AB542126-F6ED-4F66-A811-2B3F6C5A284E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{ABE90B8E-F96F-4B67-971E-F69C2F8622EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{B075176B-8B07-4796-8B32-FC269B0DC942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B24F6D57-0AFF-4D26-B926-C0FBE048DA63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B281AF30-0D81-48B5-97D3-6C2B0BE291D4}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{B3FE9E04-893B-4A64-9A64-6FFE3F03CE08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B4B19C0C-9682-45AE-B194-6745D4872F95}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B4E47337-8D99-4BFE-B46E-8A27768178BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B574143D-59E2-46B6-9075-ABD9CF5142A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B57F88C5-D3AD-46C6-A7A6-F64C66A5366E}" = rport=5357 | protocol=6 | dir=out | app=system |
"{B73C1CB5-C854-45F9-9C2F-B3349987B677}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{B7480297-8857-4061-BE1C-5A34C6327821}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B7896275-4170-45F5-A789-F17202BA0509}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B802D91E-C390-420E-A1E5-ED5731E0086B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C29583EF-E729-49DA-8EE7-25ADF1D15827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C41AC74A-645A-4C95-87FF-25DB26062E40}" = lport=139 | protocol=6 | dir=in | app=system |
"{C51FA661-C2CC-4A78-A6DD-52EF8AE9B084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D30A1273-E6A1-4059-B0C1-4D680944B960}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D396F231-97CC-4096-B248-20F1CA8E0206}" = lport=1701 | protocol=17 | dir=in | app=system |
"{D8F5C5D6-C0EA-467B-8415-3BDD3B445222}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB01158B-408D-4A79-AED7-E2B0EF7B5F15}" = lport=443 | protocol=6 | dir=in | app=system |
"{DEEF28BE-A462-47E6-BF7F-C8AEF419864E}" = rport=1701 | protocol=17 | dir=out | app=system |
"{E3C8568D-4133-45C8-80F6-D9538D563F9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E485FDCD-F930-4B79-98E0-8BA21F87B190}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{E65413C9-8482-426E-8BDC-444A37252E14}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EB081A00-2E6D-42B6-88FE-1CAA112690C0}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F3B9912E-CB9A-4614-96DC-5CED0E5391EE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F8C32060-E8F7-48E0-BBA2-4EBAB856A771}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCA90AE8-7D55-45FB-97F9-2CE449CBBCBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9B129-D974-445A-B93B-D09188499BF9}" = protocol=6 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"{061448A8-D7BD-4E0E-9D10-AAD18F809536}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{0BA49DF1-EFD1-4387-990B-607B41704021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D66A5CE-1D70-4170-9CB4-4C6E52DFB370}" = protocol=6 | dir=out | app=system |
"{129E9A15-2298-4E14-8288-161C234779F8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{21FF1FE9-6865-444B-BA04-A6A44CB9F252}" = protocol=17 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{2D9E6E6A-50EA-457B-AD78-FA03FB684177}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{2FBBF694-28D3-4284-B0CC-0AB47C6E2C82}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{330257D6-9A31-4119-B667-D08D756D7085}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{48CFC94D-CB23-4453-B885-DFF56BB86311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BEC356E-E2C1-4A13-B200-C62CC3C30E6F}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{51C8DF18-FA0D-44BE-AB89-EECCF1386C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53B6C5CD-7CDE-43EA-91D9-F6E9049E4ECC}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{578FF1AE-1352-414C-B248-3F11F9D89768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58AE3C15-D734-475E-B8FC-1E35244631D6}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{640A1E0F-C651-4DEB-B6BC-A597EC0366D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67495994-3D57-45AD-99E5-F876E6ED9251}" = protocol=6 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{6E5B5AED-9138-4DBB-BAD7-39B71CF6E50C}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{72D4842D-3AA8-45F2-8831-CDBD907E8FCB}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{7ADACCB9-D490-4A00-BE2F-E8B34D72B14F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8EFE8A-946A-4A78-9531-A3DF6BB93E1E}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{89796D89-7A77-4606-9BFE-B58466D7E0DD}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{8ABAD532-2E0A-4377-8BC4-5610B2C70333}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{8B817D20-54B0-45DE-843F-0F281FCA164E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{9011EFBE-062A-4A51-8677-E14FC1F6C79F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92FC1989-9FA6-43DD-B5BA-F8777DA8B00C}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{9DA26198-5291-4193-AF86-32BC3DA86B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A04FC023-9260-44FB-B0FB-B952913B74B8}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A28E5E8B-BFF9-471A-9FC8-F95884E1A534}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6C3BAA6-ECF4-48F8-935E-5585911BFEF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A875B7E5-CBCB-462C-B201-02E93795BDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A880D1BD-E4C2-4395-956B-47191C9B6FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B605D757-A24C-42DA-AF7A-EDF9119D894B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{B7333AE9-40C6-47E7-AAC2-995DFA667ED5}" = protocol=17 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{BAEE77E4-6A1D-4718-B71C-8B3200FAED4B}" = protocol=6 | dir=out | app=system |
"{C5BBC0BC-B1BC-4C43-B79C-8B6C7DF772D5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{CC1A7A39-98E9-4B54-8A87-81A4BADF076A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{CCA8B261-FA02-462C-B24F-A235866ACFA6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{CD5BA620-BBF7-4E39-9BE7-8F8CD75A8285}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF15445A-D749-4212-8F97-9B53CD9E02E9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{D2608DCF-496E-4195-9401-443A6546E323}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D458574E-B561-47D6-91DA-6CB76C753BF7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{D82C0AFA-C4F2-49C2-AE8A-FFB620876E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D98C0201-96E9-435E-B23B-7E93CFFDAE12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB99AF0B-C3D8-401B-B8BC-1C2295FCC341}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{DC79FC36-D44B-4BAE-A0D0-4DB263B463E0}" = protocol=6 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{E45F3597-42AA-43D9-A6F7-51B241D9E052}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{E6FDAD51-1A6F-45EF-A3D4-693717285F07}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{EB31F3E6-FF20-4BB4-96F2-2D023D0A41F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EC24C1D2-EE8C-4F73-9EE9-BDC524BB40AB}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{F1595F83-DF99-4447-8B1B-FFEBA7E9B741}" = protocol=17 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"TCP Query User{3833217A-A628-4F50-B4BD-2AA969E72101}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{52916C38-8E63-4C18-B33E-8D08B2454004}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6C0A8F47-5A72-4BE8-B6AD-BA04FA21881D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A8C79AB3-A44A-4CDD-8951-384CABB6C8A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F4B8FEE7-AB6B-47C8-B9CA-5F2F91C1A345}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{735BC4B5-1451-44DE-A389-EA3B025E28E1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CCE84ADA-E91A-4123-AC86-8FFE465C7E36}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{DEB7E2CB-8C1D-4B69-AA44-140688BCB941}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E91B5EB6-BA5F-4722-81B2-2E517B6C1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F9F70862-719D-4CB0-9786-4137A5D58F18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73DB9180-4D0C-11DF-A8BB-005056C00008}" =  WD Align System Utility 2.0 (Retail) - Powered By Paragon™ 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C873AD-946A-4629-92AE-B153FEA8A989}" = locr GPS Photo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.0.88
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.5
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 20.09.02.02
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"FinePrint" = FinePrint
"GNU Aspell_is1" = GNU Aspell 0.50-3
"InfraRecorder" = InfraRecorder
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IsoBuster_is1" = IsoBuster 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoZoom Classic 2" = BenVista PhotoZoom Classic 2.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Send To Toys_is1" = Send To Toys v2.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.1
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.09.2011 09:20:56 | Computer Name = comp* | Source = WinMgmt | ID = 10
Description =
 
Error - 02.09.2011 09:21:13 | Computer Name = comp* | Source = EventSystem | ID = 4609
Description =
 
Error - 02.09.2011 09:54:36 | Computer Name = comp* | Source = LCSVRHIS | ID = 1
Description =
 
Error - 02.09.2011 09:54:57 | Computer Name = comp* | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.09.2011 09:55:05 | Computer Name = comp* | Source = WinMgmt | ID = 10
Description =
 
Error - 02.09.2011 09:55:31 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description =
 
Error - 02.09.2011 09:56:37 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description =
 
Error - 02.09.2011 09:58:37 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description =
 
Error - 02.09.2011 09:58:37 | Computer Name = comp* | Source = Windows Search Service | ID = 3026
Description =
 
Error - 02.09.2011 09:59:29 | Computer Name = comp* | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 02.09.2011 09:21:13 | Computer Name = comp* | Source = DCOM | ID = 10005
Description =
 
Error - 02.09.2011 09:21:15 | Computer Name = comp* | Source = DCOM | ID = 10005
Description =
 
Error - 02.09.2011 09:55:06 | Computer Name = comp* | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.09.2011 09:55:06 | Computer Name = comp* | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.09.2011 09:55:55 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.09.2011 09:55:55 | Computer Name = comp* | Source = Service Control Manager | ID = 7031
Description =
 
Error - 02.09.2011 09:56:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.09.2011 09:56:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7031
Description =
 
Error - 02.09.2011 09:58:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.09.2011 09:58:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

--- --- ---

[/code]

Now the CCleaner programs list:

Code:


 WD Align System Utility 2.0 (Retail) - Powered By Paragon™          Paragon Software        13.09.2010        43,1MB        90.00.0003
7-Zip 4.65                25.08.2009        4,28MB       
Acronis True Image WD Edition        Acronis        13.09.2010        118,3MB        13.0.14010
Adobe Digital Editions                29.07.2011        9,42MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        16.06.2011                10.3.181.26
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        12.07.2011                10.3.181.26
Adobe Reader 9.4.5 - Deutsch        Adobe Systems Incorporated        12.07.2011                9.4.5
Adobe SVG Viewer 3.0                01.12.2009        3,22MB        3.0
Aspell English Dictionary-0.50-2        GNU        05.10.2010        13,4MB       
Aspell German Dictionary-0.50-2        GNU        05.10.2010        13,4MB       
AVerMedia A827 series driver 1.0.0.88        AVerMedia TECHNOLOGIES, Inc.        25.08.2009        1,26MB        1.0.0.88
AVerMedia MCE Encoder x86 3.0.1.5        AVerMedia Technologies, Inc.        25.08.2009        0,50MB        3.0.1.5
AVerMedia Media Center Plug-ins 20.09.02.02        AVerMedia TECHNOLOGIES, Inc.        25.08.2009        2,66MB        20.09.02.02
AVerTV        AVerMedia Technologies, Inc.        25.08.2009        55,8MB        6.0.18
Avira AntiVir Premium        Avira GmbH        11.07.2011        75,6MB        10.2.0.719
Azurewave Wireless LAN        RaLink        30.09.2009        2,42MB        1.00.0000
BenVista PhotoZoom Classic 2.0        BenVista Ltd        24.08.2011        6,95MB        2.0
Bison Webcam        Bison Webcam        25.08.2009        5,39MB        7.96.701.12a
Brother MFL-Pro Suite MFC-490CW        Brother Industries, Ltd.        25.08.2009        9,67MB        1.1.5.0
calibre        Kovid Goyal        20.08.2011        119,7MB        0.8.15
CCleaner        Piriform        01.09.2011        1,96MB        3.10
Compatibility Pack für 2007 Office System        Microsoft Corporation        16.06.2011                12.0.6425.1000
Defraggler        Piriform        23.05.2011        2,13MB        2.05
ElsaWin                01.12.2009        8.040MB       
FinePrint                25.08.2009               
GNU Aspell 0.50-3        GNU        05.10.2010        13,4MB       
Google Earth        Google        28.09.2010        85,4MB        5.2.1.1588
HP USB Disk Storage Format Tool                28.09.2010        0,61MB       
InfraRecorder                08.09.2010        6,27MB       
Intel(R) Matrix Storage Manager        Intel Corporation        24.08.2009        8,99MB       
Intel(R) PROSet/Wireless WiFi Software        Intel(R) Corporation        27.09.2009        78,9MB        12.00.0004
IsoBuster 2.0        Smart Projects        14.09.2010        5,51MB        2.0
Java(TM) 6 Update 22        Sun Microsystems, Inc.        19.09.2010        94,5MB        6.0.220
locr GPS Photo        locr        20.03.2010        0,41MB        1.2.3
Malwarebytes' Anti-Malware Version 1.51.1.1800        Malwarebytes Corporation        01.09.2011        4,40MB        1.51.1.1800
MaxPunkte Ver. 6.2.5                27.06.2010        10,9MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        25.08.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        25.08.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.06.2010        70,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.06.2010        14,7MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        24.08.2011        19,4MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        24.08.2011        3,91MB        4.0.30319
Microsoft Office XP Professional mit FrontPage        Microsoft Corporation        16.06.2011                10.0.6626.0
Microsoft Office XP Web Components        Microsoft Corporation        15.09.2010                10.0.6626.0
Microsoft Silverlight        Microsoft Corporation        16.06.2011                4.0.60531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        25.08.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        25.08.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        16.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        16.09.2010        1,41MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        24.08.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,58MB        9.0.30729.6161
Mobile Partner        Huawei Technologies Co.,Ltd        05.01.2011                11.302.09.04.528
Mozilla Firefox (3.6.17)        Mozilla        23.05.2011        19,0MB        3.6.17 (de)
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        14.07.2010        34,00KB        4.20.9841.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        14.07.2010        34,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        14.07.2010        1,34MB        4.20.9876.0
MyPoi Manager        MyPoi World        04.04.2011        23,5MB        1.6.0.90
Nokia Connectivity Cable Driver        Nokia        22.03.2011        3,27MB        7.1.36.0
Nokia Map Loader        Nokia        14.07.2010        4,05MB        3.0.28
Nokia PC Suite        Nokia        22.03.2011        28,7MB        7.1.60.0
Nokia Software Updater        Nokia Corporation        04.08.2011        45,4MB        02.06.006.44298
Notepad++                05.10.2010        5,85MB        5.8.1
NVIDIA Drivers        NVIDIA Corporation        25.08.2009                1.4
PC Connectivity Solution        Nokia        22.03.2011        12,9MB        10.50.2.0
pdfFactory Pro                25.08.2009               
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        25.08.2009        1,67MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        25.08.2009        9,29MB        6.0.1.5730
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        25.08.2009        1,50MB        6.0.6000.20111
Recuva        Piriform        09.11.2010        1,36MB        1.38
Samsung New PC Studio        Samsung Electronics Co., Ltd.        17.03.2011        175,5MB        1.00.0000
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        17.03.2011        20,5MB        1.3.650.0
Samsung_MonSetup        Samsung        16.09.2010        1,78MB        1.00.0000
Send To Toys v2.5        Gabriele Ponti        12.06.2010        1,13MB       
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)                20.03.2010               
SnadBoy's Revelation v2        SnadBoy Software        05.07.2011        0,15MB        2.0.1.100
Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        26.08.2009        29,7MB        9.0.0
TomTom HOME 2.8.2.2264        TomTom        20.06.2011        48,8MB        2.8.2.2264
TomTom HOME Visual Studio Merge Modules        TomTom International B.V.        16.08.2010        1,88MB        1.0.2
UltraISO Premium V9.36                28.09.2010        4,43MB       
VLC media player 1.0.1        VideoLAN Team        25.08.2009        72,7MB        1.0.1
WD Align - Powered by Acronis        Acronis        13.09.2010        47,0MB        1.0.316
WD Drive Manager (x86)        Western Digital        25.08.2009        3,99MB        2.103
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        22.03.2011                08/22/2008 7.0.0.0
X10 Hardware(TM)                29.08.2009        32,00KB

Malwarebytes scan:

Code:


Datenbank Version: 7637

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

02.09.2011 16:59:28
mbam-log-2011-09-02 (16-59-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1079172
Laufzeit: 54 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\D3DX8ab.dll (Trojan.FakeAlert) -> No action taken.

:pfeiff:

Sh*t, I hit the wrong button in Malwarebytes, "remove selected" instead of deselecting.... :headbang: total crash and reboot with HD scan...

kira 02.09.2011 19:47

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
@Alternate Data Stream - 8747 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\ii\Documents\Re_ Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM***** - h****@h-*****.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM****** - h***@h-*****.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\ii\Documents\******** in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\ii\Documents\Formular zur Schadenmeldung, H ***-**** .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\ii\Documents\AW_ Empting Kontaktformular BIOS Brennservice.eml:OECustomProperty

:Commands
[purity]
[emptytemp]


2.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

4.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete scan" and click "Next"
  • All malware found is then listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and logs"
  • Press "View log", then please save this report and post it here
5.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the [Shift] key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ► Instructions

-> Then run a complete system check with Eset Online Scanner (NOD32) - Free Online Scanners
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

► What is the current state of the computer? Anything unusual, any problems?
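
The fix script in step 1 mixes two kinds of entries: `O33` MountPoints2 AutoRun commands and `@Alternate Data Stream` lines. As an added example (not part of the original post and not OTL's own code), the following Python parses those two line formats so the entries can be reviewed before the fix is run; the function names are assumptions, and the sample is a subset of the script lines quoted above.

```python
import re
from collections import defaultdict

# Lines copied from the OTL fix script quoted in this thread (a subset).
SAMPLE = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
@Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty
'''

# O33 line that carries the command AutoRun would start for a volume GUID.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]{36}\})\\Shell\\AutoRun\\command'
    r' - "(.*?)" = (.+)$')
# ADS line: size, host file path, then the stream name after the last colon.
ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')


def parse_fix_script(text):
    """Return (autorun_entries, ads_entries) parsed from OTL-style lines."""
    autorun, ads = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O33_CMD.match(line)
        if m:
            autorun.append({"volume": m.group(1).lower(),
                            "command": m.group(3)})
            continue
        m = ADS.match(line)
        if m:
            path = m.group(2)
            ads.append({"size": int(m.group(1)), "path": path,
                        "stream": m.group(3),
                        # '*' is not a legal character in a Windows file
                        # name, so such a path was masked before posting.
                        "redacted": "*" in path})
    return autorun, ads


def volumes_by_command(autorun):
    """Group volume GUIDs by the (lower-cased) command they would launch."""
    grouped = defaultdict(list)
    for entry in autorun:
        grouped[entry["command"].lower()].append(entry["volume"])
    return {cmd: sorted(vols) for cmd, vols in grouped.items()}


def ads_summary(ads):
    """Map stream name -> (number of host files, total bytes)."""
    totals = defaultdict(lambda: [0, 0])
    for entry in ads:
        totals[entry["stream"]][0] += 1
        totals[entry["stream"]][1] += entry["size"]
    return {name: tuple(v) for name, v in totals.items()}


def redacted_paths(ads):
    """Host paths that cannot exist as written because they contain '*'."""
    return [entry["path"] for entry in ads if entry["redacted"]]


if __name__ == "__main__":
    autorun, ads = parse_fix_script(SAMPLE)
    for cmd, vols in volumes_by_command(autorun).items():
        print(f"{cmd}: registered for {len(vols)} volume(s)")
    for name, (count, size) in ads_summary(ads).items():
        print(f"stream {name}: {count} file(s), {size} bytes")
    for path in redacted_paths(ads):
        print("masked path, restore before use:", path)
```

Grouping by command shows when one drive letter has AutoRun entries cached for several different volumes, and the masked-path list points at script lines that no longer name a real file.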

bodobob 03.09.2011 09:33

Quote:

What is the current state of the computer? Anything unusual, any problems?
After the Malwarebytes mishap I tried, after a restart, to run Malwarebytes again to undo the changes. But Malwarebytes blocked Vista completely / hung, and undoing was impossible (no log, no quarantine, etc.). I then tried to find the deleted parts again with Piriform Recuva (??). After that, via the Vista CD, "repair boot drive" and then "restore to an earlier point in time" (to a point after removing the BKA virus).

Overall Vista is very sluggish, even in safe mode without networking, and also after the restore (runs somewhat better than before); Malwarebytes starts but hangs.
(The network cable was unplugged during all actions)

Do I first have to change User(ii) etc. (::) (***) back to the original in the OTL script, or not? :crazy:

Until Sunday evening it's PC break for me. Then the result log will come too.

And :abklatsch: for now.

Regards...

kira 04.09.2011 02:48

Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

bodobob 06.09.2011 09:01

Here is the new OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
PRC - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.24 09:41:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\TomTomHOME2\TomTomHOMEService.exe
PRC - [2011.03.10 16:34:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.04.30 12:16:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.05.16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.13 10:30:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.24 09:41:12 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2010.09.23 02:48:44 | 001,060,864 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 17:40:10 | 000,274,432 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU
MOD - [2009.02.27 17:39:46 | 000,999,424 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Acroform.DEU
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.12 03:57:05 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\TomTomHOME2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.07 17:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.10.22 04:51:04 | 000,352,256 | ---- | M] (AVerMedia) [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.09.06 01:05:26 | 000,147,456 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2008.09.06 01:03:06 | 000,217,088 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2008.09.06 01:02:10 | 000,258,048 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2008.09.06 01:01:26 | 001,306,624 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2008.09.06 00:57:04 | 000,368,640 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2008.09.06 00:56:36 | 000,241,664 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.12 03:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.12 03:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.14 19:28:38 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.09.14 19:28:26 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.08.27 14:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.07.01 23:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 17:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.12 17:24:24 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\rramdisk.sys -- (RRamdisk)
DRV - [2008.09.30 04:29:32 | 000,272,640 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D CC EF 8E 5E 6C CC 01  [binary data]
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M]
 
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions
[2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
[2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com
[2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1132503739-529802008-4276434138-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - d:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O24 - Desktop BackupWallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.06 08:39:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.02 23:17:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.02 23:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware
[2011.09.02 23:16:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes
[2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\InstallPad
[2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools
[2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2
[2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\calibre
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.06 08:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.06 08:29:36 | 000,723,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.06 08:29:36 | 000,675,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.06 08:29:36 | 000,161,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.06 08:29:36 | 000,132,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
[2011.09.06 08:22:26 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.06 08:21:50 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.06 08:21:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.06 08:21:37 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.03 07:26:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.02 23:17:01 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 23:17:01 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\**\AppData\Local\OwnNote.vnt
[2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png
[2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0041.jpg
[2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0042.jpg
[2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0043.jpg
[2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0044.jpg
[2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0045.jpg
[2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\**\AppData\Local\housecall.guid.cache
[2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe
[2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.01.21 09:15:58 | 000,723,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,161,350 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,675,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.12.20 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Awem
[2011.08.22 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\calibre
[2011.03.03 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Nokia
[2010.10.06 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Notepad++
[2010.10.16 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC Suite
[2011.08.04 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC-FAX TX
[2009.12.19 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Peace Craft
[2010.06.13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PeerNetworking
[2010.02.20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PlayFirst
[2011.03.31 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Samsung
[2011.08.29 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Thunderbird
[2010.08.17 10:20:19 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TomTom
[2010.02.16 22:34:11 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Zylom
[2010.09.14 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acronis
[2011.08.21 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\calibre
[2010.02.18 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FairyTale
[2010.09.14 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InfraRecorder
[2011.08.25 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InstallPad
[2010.07.28 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Nokia
[2011.09.03 00:09:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Notepad++
[2010.07.13 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC Suite
[2010.08.19 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC-FAX TX
[2011.06.02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PeerNetworking
[2010.01.30 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Playrix Entertainment
[2011.03.18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Samsung
[2009.11.08 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SecretIslandDeuBF
[2010.08.18 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TomTom
[2009.11.08 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\YoudaGames
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume D Task.job
[2011.09.06 04:36:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8747 bytes -> D:\Users\**\Documents\Clubinfo rrrr zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\**\Documents\Re_ Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\**\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\**\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM,,,.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\**\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\**\Documents\Fenster putzen in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\**\Documents\Formular zur Schadenmeldung, H µµµµµ .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\**\Documents\AW_ SSSSS Kontaktformular BIOS Brennservice.eml:OECustomProperty

< End of report >

--- --- ---


next...

bodobob 06.09.2011 09:04

Here is the new OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
PRC - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.24 09:41:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\TomTomHOME2\TomTomHOMEService.exe
PRC - [2011.03.10 16:34:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.04.30 12:16:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.05.16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.13 10:30:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.24 09:41:12 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2010.09.23 02:48:44 | 001,060,864 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 17:40:10 | 000,274,432 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU
MOD - [2009.02.27 17:39:46 | 000,999,424 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Acroform.DEU
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.12 03:57:05 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\TomTomHOME2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.07 17:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.10.22 04:51:04 | 000,352,256 | ---- | M] (AVerMedia) [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.09.06 01:05:26 | 000,147,456 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2008.09.06 01:03:06 | 000,217,088 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2008.09.06 01:02:10 | 000,258,048 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2008.09.06 01:01:26 | 001,306,624 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2008.09.06 00:57:04 | 000,368,640 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2008.09.06 00:56:36 | 000,241,664 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.12 03:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.12 03:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.14 19:28:38 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.09.14 19:28:26 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.08.27 14:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.07.01 23:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 17:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.12 17:24:24 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\rramdisk.sys -- (RRamdisk)
DRV - [2008.09.30 04:29:32 | 000,272,640 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D CC EF 8E 5E 6C CC 01  [binary data]
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M]
 
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions
[2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
[2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com
[2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1132503739-529802008-4276434138-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - d:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O24 - Desktop BackupWallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.06 08:39:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.02 23:17:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.02 23:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware
[2011.09.02 23:16:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes
[2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\InstallPad
[2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools
[2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2
[2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\calibre
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.06 08:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.06 08:29:36 | 000,723,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.06 08:29:36 | 000,675,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.06 08:29:36 | 000,161,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.06 08:29:36 | 000,132,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
[2011.09.06 08:22:26 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.06 08:21:50 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.06 08:21:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.06 08:21:37 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.03 07:26:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.02 23:17:01 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 23:17:01 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\**\AppData\Local\OwnNote.vnt
[2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png
[2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0041.jpg
[2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0042.jpg
[2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0043.jpg
[2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0044.jpg
[2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0045.jpg
[2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\**\AppData\Local\housecall.guid.cache
[2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe
[2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.01.21 09:15:58 | 000,723,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,161,350 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,675,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.12.20 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Awem
[2011.08.22 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\calibre
[2011.03.03 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Nokia
[2010.10.06 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Notepad++
[2010.10.16 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC Suite
[2011.08.04 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC-FAX TX
[2009.12.19 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Peace Craft
[2010.06.13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PeerNetworking
[2010.02.20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PlayFirst
[2011.03.31 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Samsung
[2011.08.29 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Thunderbird
[2010.08.17 10:20:19 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TomTom
[2010.02.16 22:34:11 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Zylom
[2010.09.14 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acronis
[2011.08.21 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\calibre
[2010.02.18 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FairyTale
[2010.09.14 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InfraRecorder
[2011.08.25 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InstallPad
[2010.07.28 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Nokia
[2011.09.03 00:09:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Notepad++
[2010.07.13 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC Suite
[2010.08.19 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC-FAX TX
[2011.06.02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PeerNetworking
[2010.01.30 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Playrix Entertainment
[2011.03.18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Samsung
[2009.11.08 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SecretIslandDeuBF
[2010.08.18 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TomTom
[2009.11.08 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\YoudaGames
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume D Task.job
[2011.09.06 04:36:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8747 bytes -> D:\Users\**\Documents\Clubinfo rrrr zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\**\Documents\Re_ Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\**\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\**\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM,,,.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\**\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\**\Documents\Fenster putzen in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\**\Documents\Formular zur Schadenmeldung, H µµµµµ .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\**\Documents\AW_ SSSSS Kontaktformular BIOS Brennservice.eml:OECustomProperty

< End of report >

--- --- ---

[/code]

next... because of error messages from the board...

bodobob 06.09.2011 09:08

-after error messages from the board-

and the Extra.txt

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0    Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
 
Computer Name: &&& | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [sendtotoys1add] -- C:\Program Files\SendToToys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\SendToToys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\SendToToys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1132503739-529802008-4276434138-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD153E-ABC9-4D1D-B02D-7AA483D575FF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{05108C21-5F10-4660-9785-9E31062633A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{058460DE-836F-42EE-83AB-D7D86F043012}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{0B929043-469B-42BD-AFCA-4F610CF5433E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0BEFFBBD-F3F6-412B-B100-8DE3881C686A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14BCDDB7-930F-4B33-99B2-853127CCD869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CE2363F-CD42-452A-95D2-08BB1401E73F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EF53F87-F7A4-47A0-BED5-7427C675BBEA}" = lport=80 | protocol=6 | dir=in | app=system |
"{1F254634-052C-4E5C-8E2B-3E90338FA69B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1FBEA8B2-EC99-4529-9553-364973E48D3D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{27D45B53-572E-4F87-B1B6-155BA3E89846}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29D9C0C3-3FAF-4161-893F-BBF02BA80600}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{2A8D292A-1CBA-44F0-B647-5CEA310F9F3C}" = rport=1723 | protocol=6 | dir=out | app=system |
"{2BD08FD1-EEA6-43B6-BE00-FED5939BC550}" = lport=445 | protocol=6 | dir=in | app=system |
"{31E7ACC9-9DF1-490C-BAB5-688EF5E80670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4484C1B4-4559-48BD-A5D9-3D1327171609}" = lport=137 | protocol=17 | dir=in | app=system |
"{4519482D-8173-4CBE-9F6B-C69EA2AEDBCF}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{46161930-3601-4F49-A5DA-E07B38B28320}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{4678B9AB-D840-4DD9-96C6-0BE1CDE286DF}" = lport=2178 | protocol=6 | dir=in | app=system |
"{48494A11-6A2C-45DD-BB00-F6C5AFC1816E}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FBED585-FE2C-4F3D-B6C7-C383F4E8F7BC}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{551A8EE4-3437-46D9-8A2A-0F87A0281903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5A8ED024-5B80-4C86-AB3A-B4FC7A85CD00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5EFBFD02-627B-480D-BD70-02BEEE8FB70F}" = lport=443 | protocol=6 | dir=in | app=system |
"{5F87C055-C165-4547-8A8C-AF0C04CB4F53}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{63FFA390-0919-46F6-9792-7558AD37F7B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{6406C504-07B0-4743-AD77-AEF287754416}" = lport=445 | protocol=6 | dir=in | app=system |
"{667285AF-530A-44D3-9A61-8F31F6CB0FA9}" = rport=5358 | protocol=6 | dir=out | app=system |
"{67CD9F97-EBED-438C-931D-9BBD6287F964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{68448D7E-06ED-468C-B63C-09CC640AE162}" = rport=138 | protocol=17 | dir=out | app=system |
"{76116FDB-8392-4850-B620-84BEE0A7E9A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AC00DDD-D5BD-4A96-9852-7C2A44EC805C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7AD4107B-FB47-4CE1-B09E-D1249C549217}" = rport=2178 | protocol=6 | dir=out | app=system |
"{7C6A5727-EE23-448C-AECD-049DC596CA4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D0887A0-43DE-4B05-B177-A4D86A9EA486}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EB9613C-5826-47C2-9C49-ADA46206BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B1EAC4F-DAEE-402F-80AA-26FC121F6E0B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{923DC43A-1F0C-4F70-9721-B664A9180A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{96229ABB-0170-48D7-94BE-6E907D6ADB1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{9DB29835-C9C6-4901-9806-B7E26D075DF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A1DB05B0-7921-4A3F-B7B5-C7E3AD46014A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A4A9A3A1-D4C3-45F8-B5B9-E0A730044EBB}" = lport=1723 | protocol=6 | dir=in | app=system |
"{A7A630DC-461E-4102-B1FC-9411E1823556}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{AB542126-F6ED-4F66-A811-2B3F6C5A284E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{ABE90B8E-F96F-4B67-971E-F69C2F8622EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{B075176B-8B07-4796-8B32-FC269B0DC942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B24F6D57-0AFF-4D26-B926-C0FBE048DA63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B281AF30-0D81-48B5-97D3-6C2B0BE291D4}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{B3FE9E04-893B-4A64-9A64-6FFE3F03CE08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B4B19C0C-9682-45AE-B194-6745D4872F95}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B4E47337-8D99-4BFE-B46E-8A27768178BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B574143D-59E2-46B6-9075-ABD9CF5142A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B57F88C5-D3AD-46C6-A7A6-F64C66A5366E}" = rport=5357 | protocol=6 | dir=out | app=system |
"{B73C1CB5-C854-45F9-9C2F-B3349987B677}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{B7480297-8857-4061-BE1C-5A34C6327821}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B7896275-4170-45F5-A789-F17202BA0509}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B802D91E-C390-420E-A1E5-ED5731E0086B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C29583EF-E729-49DA-8EE7-25ADF1D15827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C41AC74A-645A-4C95-87FF-25DB26062E40}" = lport=139 | protocol=6 | dir=in | app=system |
"{C51FA661-C2CC-4A78-A6DD-52EF8AE9B084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D30A1273-E6A1-4059-B0C1-4D680944B960}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D396F231-97CC-4096-B248-20F1CA8E0206}" = lport=1701 | protocol=17 | dir=in | app=system |
"{D8F5C5D6-C0EA-467B-8415-3BDD3B445222}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB01158B-408D-4A79-AED7-E2B0EF7B5F15}" = lport=443 | protocol=6 | dir=in | app=system |
"{DEEF28BE-A462-47E6-BF7F-C8AEF419864E}" = rport=1701 | protocol=17 | dir=out | app=system |
"{E3C8568D-4133-45C8-80F6-D9538D563F9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E485FDCD-F930-4B79-98E0-8BA21F87B190}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{E65413C9-8482-426E-8BDC-444A37252E14}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EB081A00-2E6D-42B6-88FE-1CAA112690C0}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F3B9912E-CB9A-4614-96DC-5CED0E5391EE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F8C32060-E8F7-48E0-BBA2-4EBAB856A771}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCA90AE8-7D55-45FB-97F9-2CE449CBBCBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9B129-D974-445A-B93B-D09188499BF9}" = protocol=6 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"{061448A8-D7BD-4E0E-9D10-AAD18F809536}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{0BA49DF1-EFD1-4387-990B-607B41704021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D66A5CE-1D70-4170-9CB4-4C6E52DFB370}" = protocol=6 | dir=out | app=system |
"{129E9A15-2298-4E14-8288-161C234779F8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{21FF1FE9-6865-444B-BA04-A6A44CB9F252}" = protocol=17 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{2D9E6E6A-50EA-457B-AD78-FA03FB684177}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{2FBBF694-28D3-4284-B0CC-0AB47C6E2C82}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{330257D6-9A31-4119-B667-D08D756D7085}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{48CFC94D-CB23-4453-B885-DFF56BB86311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BEC356E-E2C1-4A13-B200-C62CC3C30E6F}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{51C8DF18-FA0D-44BE-AB89-EECCF1386C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53B6C5CD-7CDE-43EA-91D9-F6E9049E4ECC}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{578FF1AE-1352-414C-B248-3F11F9D89768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58AE3C15-D734-475E-B8FC-1E35244631D6}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{640A1E0F-C651-4DEB-B6BC-A597EC0366D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67495994-3D57-45AD-99E5-F876E6ED9251}" = protocol=6 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{6E5B5AED-9138-4DBB-BAD7-39B71CF6E50C}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{72D4842D-3AA8-45F2-8831-CDBD907E8FCB}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{7ADACCB9-D490-4A00-BE2F-E8B34D72B14F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8EFE8A-946A-4A78-9531-A3DF6BB93E1E}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{89796D89-7A77-4606-9BFE-B58466D7E0DD}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{8ABAD532-2E0A-4377-8BC4-5610B2C70333}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{8B817D20-54B0-45DE-843F-0F281FCA164E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{9011EFBE-062A-4A51-8677-E14FC1F6C79F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92FC1989-9FA6-43DD-B5BA-F8777DA8B00C}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{9DA26198-5291-4193-AF86-32BC3DA86B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A04FC023-9260-44FB-B0FB-B952913B74B8}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A28E5E8B-BFF9-471A-9FC8-F95884E1A534}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6C3BAA6-ECF4-48F8-935E-5585911BFEF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A875B7E5-CBCB-462C-B201-02E93795BDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A880D1BD-E4C2-4395-956B-47191C9B6FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B605D757-A24C-42DA-AF7A-EDF9119D894B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{B7333AE9-40C6-47E7-AAC2-995DFA667ED5}" = protocol=17 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{BAEE77E4-6A1D-4718-B71C-8B3200FAED4B}" = protocol=6 | dir=out | app=system |
"{C5BBC0BC-B1BC-4C43-B79C-8B6C7DF772D5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{CC1A7A39-98E9-4B54-8A87-81A4BADF076A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{CCA8B261-FA02-462C-B24F-A235866ACFA6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{CD5BA620-BBF7-4E39-9BE7-8F8CD75A8285}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF15445A-D749-4212-8F97-9B53CD9E02E9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{D2608DCF-496E-4195-9401-443A6546E323}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D458574E-B561-47D6-91DA-6CB76C753BF7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{D82C0AFA-C4F2-49C2-AE8A-FFB620876E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D98C0201-96E9-435E-B23B-7E93CFFDAE12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB99AF0B-C3D8-401B-B8BC-1C2295FCC341}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{DC79FC36-D44B-4BAE-A0D0-4DB263B463E0}" = protocol=6 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{E45F3597-42AA-43D9-A6F7-51B241D9E052}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{E6FDAD51-1A6F-45EF-A3D4-693717285F07}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{EB31F3E6-FF20-4BB4-96F2-2D023D0A41F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EC24C1D2-EE8C-4F73-9EE9-BDC524BB40AB}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{F1595F83-DF99-4447-8B1B-FFEBA7E9B741}" = protocol=17 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"TCP Query User{3833217A-A628-4F50-B4BD-2AA969E72101}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{52916C38-8E63-4C18-B33E-8D08B2454004}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6C0A8F47-5A72-4BE8-B6AD-BA04FA21881D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A8C79AB3-A44A-4CDD-8951-384CABB6C8A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F4B8FEE7-AB6B-47C8-B9CA-5F2F91C1A345}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{735BC4B5-1451-44DE-A389-EA3B025E28E1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CCE84ADA-E91A-4123-AC86-8FFE465C7E36}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{DEB7E2CB-8C1D-4B69-AA44-140688BCB941}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E91B5EB6-BA5F-4722-81B2-2E517B6C1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F9F70862-719D-4CB0-9786-4137A5D58F18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73DB9180-4D0C-11DF-A8BB-005056C00008}" =  WD Align System Utility 2.0 (Retail) - Powered By Paragon™ 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C873AD-946A-4629-92AE-B153FEA8A989}" = locr GPS Photo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.0.88
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.5
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 20.09.02.02
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"ElsaWin" = ElsaWin
"ETKA" = ETKA
"FinePrint" = FinePrint
"GNU Aspell_is1" = GNU Aspell 0.50-3
"InfraRecorder" = InfraRecorder
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IsoBuster_is1" = IsoBuster 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoZoom Classic 2" = BenVista PhotoZoom Classic 2.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Send To Toys_is1" = Send To Toys v2.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.1
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.09.2011 01:31:18 | Computer Name = &&& | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
 
Error - 03.09.2011 01:31:48 | Computer Name = &&& | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 03.09.2011 01:31:50 | Computer Name = &&& | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
 
Error - 03.09.2011 01:52:42 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.09.2011 01:52:42 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.09.2011 01:52:53 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.09.2011 01:52:54 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.09.2011 02:22:20 | Computer Name = &&& | Source = WinMgmt | ID = 10
Description =
 
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.09.2011 02:38:49 | Computer Name = &&& | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Public\Downloads\dfsetup200\Defraggler64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 03.09.2011 00:50:35 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
 
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
 
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description =
 
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
 
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description =
 
Error - 03.09.2011 01:31:18 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
 
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

[/code]

P.S.: OTL scan for ALL user accounts!

SUPERAntiSpyware FREE Edition scan is running until lunch break (hope so)

Greetings to Vienna.. :abklatsch:

bodobob 06.09.2011 23:24

SUPERAntiSpyware found only Google cookies (harmless)

Should I now apply your OTL script? >
:heilig:
Quote:

Quote from kira (post 699116)
1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
[code]
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = ...


kira 07.09.2011 06:07

Yes, still carry out 1. and 2. from posting #4
Quote:

Attention, important!:

The parts marked with an asterisk must be replaced with the original name (e.g. YourName) and inserted into the script that way! Otherwise it will not work!

kira 10.09.2011 06:27

Please no PMs, ask your questions right here in your thread!
Posting #11 - please read it thoroughly again; it says there what you still have to do!

