Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Rechner gesperrt; Eingabeaufforderung von 50 € zur Freigabe (https://www.trojaner-board.de/106651-rechner-gesperrt-eingabeaufforderung-50-freigabe.html)

btt2378 21.12.2011 03:15
Rechner gesperrt; Eingabeaufforderung von 50 € zur Freigabe
 
Hallo, habe das gleiche Problem wie die anderen auch.
Wenn ich den PC ohne Netzwerk Kabel starte funktioniert alles.

Ich freue ich über eure Hilfe, die Meldung kam bei mir wärend des online spielen !!!!

btt2378 21.12.2011 03:41
OTL Logfile:
Code:
OTL logfile created on: 21.12.2011 03:34:49 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = E:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,98% Memory free
6,00 Gb Paging File | 5,19 Gb Available in Paging File | 86,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 373,98 Gb Free Space | 80,31% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 2,83 Gb Free Space | 75,85% Space Free | Partition Type: FAT32
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\IZArc\IZArcCM.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb79?a=1ex5XM9l7OY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 92 AA 65 6D 85 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.googel.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.17 18:37:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 16:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 20:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 08:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.05 20:55:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
 
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.19 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions
[2011.12.07 09:56:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.07 10:28:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.10 20:00:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.17 15:20:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\engine@conduit.com
[2011.08.26 13:08:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\ffxtlbr@babylon.com
[2011.05.06 09:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\nostmp
[2011.12.19 19:12:49 | 000,000,933 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\11-suche.xml
[2011.05.25 15:15:10 | 000,000,963 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml
[2011.12.19 19:12:50 | 000,002,419 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:12:49 | 000,010,525 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\gmx-suche.xml
[2011.12.19 19:12:49 | 000,002,457 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\lastminute.xml
[2011.06.07 17:27:01 | 000,002,195 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\MyStart Search.xml
[2011.12.19 19:12:49 | 000,005,508 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\webde-suche.xml
[2011.11.09 16:26:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\CK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRWFKERY.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
() (No name found) -- C:\USERS\CK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRWFKERY.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
[2011.11.09 16:26:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011.10.01 22:06:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 22:06:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 22:06:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 22:06:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 22:06:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 22:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\
CHR - Extension: Google Mail = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2010.11.23 11:07:59 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Programme\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [opera.exe] C:\Users\ck\AppData\Roaming\Opera\Opera\opera.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced:  = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74878C43-52FA-45FF-B185-972D8D021712}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.21 00:46:30 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Opera
[2011.12.20 23:36:16 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\starmoney rechnungen
[2011.12.20 23:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.12.20 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.12.19 02:01:38 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Avira
[2011.12.19 01:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.19 01:56:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.19 01:56:01 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.19 01:56:01 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.19 01:56:01 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.19 01:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.19 01:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.18 22:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011.12.18 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\QuickScan
[2011.12.18 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.18 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Google
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Deployment
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Apps
[2011.12.16 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011.12.16 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\ijjigame
[2011.12.14 23:03:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 23:03:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 23:03:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 23:03:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 23:03:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 23:03:30 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 23:03:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 23:03:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 23:03:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 23:03:20 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 23:03:19 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\skoda
[2011.12.13 14:05:18 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivox
[2011.12.13 14:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Vivox
[2011.12.11 22:40:16 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\Promo Bilder VD
[2011.12.03 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\Bewerbungsordner new
[2011.12.02 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\vd promo bilder fläche
[2011.11.27 21:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2011.11.27 21:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft Password Recovery
[2011.11.27 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2011.11.27 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft
[2011.11.25 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\ck\Documents\DolbyAxon
[2011.11.25 13:35:48 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
[2011.11.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\DolbyAxon
[2011.11.24 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 03:37:12 | 000,000,164 | ---- | M] () -- C:\Windows\System32\SWCTL.DLL
[2011.12.21 03:34:47 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 03:34:47 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 03:34:47 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 03:34:47 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 03:32:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.12.21 03:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 03:32:16 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 01:18:38 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 01:18:37 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 01:04:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.21 01:03:47 | 000,353,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.20 23:24:11 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.12.19 02:09:21 | 000,019,684 | ---- | M] () -- C:\Users\ck\Desktop\Offene Posten.sxc
[2011.12.19 01:56:16 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 23:55:48 | 000,100,935 | ---- | M] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:38:29 | 000,240,184 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2011.12.18 22:38:28 | 000,446,160 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2011.12.18 22:10:21 | 000,270,050 | ---- | M] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 22:04:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.12.18 22:00:59 | 000,002,294 | ---- | M] () -- C:\Users\ck\Desktop\Google Chrome.lnk
[2011.12.15 00:27:06 | 000,008,893 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2011.12.13 14:05:18 | 000,002,929 | ---- | M] () -- C:\Users\ck\Desktop\C3.lnk
[2011.12.11 22:59:37 | 006,439,313 | ---- | M] () -- C:\Users\ck\Desktop\Promo Bilder VD.zip
[2011.12.11 22:36:58 | 001,517,253 | ---- | M] () -- C:\Users\ck\Desktop\FANTEC_Smart_TV_Hub_Box_DE.pdf
[2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.03 22:27:40 | 000,024,115 | ---- | M] () -- C:\Users\ck\Desktop\Tourenplanung Kuhn.ods
[2011.12.03 20:03:45 | 000,000,137 | ---- | M] () -- C:\Users\ck\Desktop\Berlin - Kuhn_14.11.11.URL
[2011.12.02 20:09:56 | 000,005,680 | ---- | M] () -- C:\Users\ck\Desktop\Rechnung_update_123.pdf
[2011.11.30 17:28:34 | 000,047,070 | ---- | M] () -- C:\Users\ck\Desktop\Update Zusatz.pdf
[2011.11.30 17:27:51 | 000,065,986 | ---- | M] () -- C:\Users\ck\Desktop\Update Vertrag.pdf
[2011.11.30 12:35:59 | 000,130,687 | ---- | M] () -- C:\Users\ck\Desktop\Christian-Kuhn-20111130-intern.pdf
[2011.11.29 11:43:55 | 000,073,210 | ---- | M] () -- C:\Users\ck\Desktop\ck und janett.jpg
[2011.11.27 22:11:00 | 003,178,822 | ---- | M] () -- C:\Users\ck\Desktop\Sat Vision Videoweb.pdf
[2011.11.24 22:36:44 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:24:13 | 000,007,607 | ---- | M] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.11.24 05:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.21 12:26:05 | 000,087,157 | ---- | M] () -- C:\Users\ck\Desktop\händler liste new (01).pdf
 
========== Files Created - No Company Name ==========
 
[2011.12.20 23:24:10 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.12.19 01:56:16 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 23:55:48 | 000,100,935 | ---- | C] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:10:21 | 000,270,050 | ---- | C] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 22:00:59 | 000,002,294 | ---- | C] () -- C:\Users\ck\Desktop\Google Chrome.lnk
[2011.12.18 21:59:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:54 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.12.13 14:05:18 | 000,002,929 | ---- | C] () -- C:\Users\ck\Desktop\C3.lnk
[2011.12.11 22:59:36 | 006,439,313 | ---- | C] () -- C:\Users\ck\Desktop\Promo Bilder VD.zip
[2011.12.11 22:36:58 | 001,517,253 | ---- | C] () -- C:\Users\ck\Desktop\FANTEC_Smart_TV_Hub_Box_DE.pdf
[2011.12.03 20:03:45 | 000,000,137 | ---- | C] () -- C:\Users\ck\Desktop\Berlin - Kuhn_14.11.11.URL
[2011.12.02 20:09:19 | 000,005,680 | ---- | C] () -- C:\Users\ck\Desktop\Rechnung_update_123.pdf
[2011.11.30 17:28:34 | 000,047,070 | ---- | C] () -- C:\Users\ck\Desktop\Update Zusatz.pdf
[2011.11.30 17:27:51 | 000,065,986 | ---- | C] () -- C:\Users\ck\Desktop\Update Vertrag.pdf
[2011.11.30 12:35:54 | 000,130,687 | ---- | C] () -- C:\Users\ck\Desktop\Christian-Kuhn-20111130-intern.pdf
[2011.11.29 11:43:55 | 000,073,210 | ---- | C] () -- C:\Users\ck\Desktop\ck und janett.jpg
[2011.11.27 22:47:52 | 000,024,115 | ---- | C] () -- C:\Users\ck\Desktop\Tourenplanung Kuhn.ods
[2011.11.27 22:11:00 | 003,178,822 | ---- | C] () -- C:\Users\ck\Desktop\Sat Vision Videoweb.pdf
[2011.11.24 22:36:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:21:47 | 000,007,607 | ---- | C] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.11.21 12:26:05 | 000,087,157 | ---- | C] () -- C:\Users\ck\Desktop\händler liste new (01).pdf
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Channel
[2011.10.12 11:49:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.10.12 11:49:41 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Chiller
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Carbon
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Contents
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
[2011.08.27 13:53:37 | 000,276,080 | ---- | C] () -- C:\Users\ck\AppData\Local\census.cache
[2011.08.27 13:53:24 | 000,132,740 | ---- | C] () -- C:\Users\ck\AppData\Local\ars.cache
[2011.08.05 21:59:05 | 000,000,036 | ---- | C] () -- C:\Users\ck\AppData\Local\housecall.guid.cache
[2011.07.31 20:09:08 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.07.18 08:08:52 | 000,000,164 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.07.18 08:08:52 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.07.18 08:08:50 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2011.07.18 08:08:49 | 000,000,590 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.06.15 18:53:50 | 000,241,182 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.06.15 18:53:50 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.06.07 17:13:26 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011.05.10 23:57:00 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011.05.04 11:39:33 | 000,132,420 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.27 16:46:00 | 000,237,206 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2011.03.27 16:46:00 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2011.03.27 16:40:34 | 000,236,543 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.03.27 16:40:34 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2011.03.27 16:25:10 | 000,196,991 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011.03.27 16:25:10 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2010.11.17 18:23:12 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.11.17 18:03:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.05 19:24:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.05 18:45:32 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.10.05 18:45:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.07 14:40:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.10.07 14:38:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.10.07 14:38:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,353,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 176 bytes -> C:\Users\ck\Desktop\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Tk-Bescheid.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 21.12.2011 03:34:49 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = E:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,98% Memory free
6,00 Gb Paging File | 5,19 Gb Available in Paging File | 86,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 373,98 Gb Free Space | 80,31% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 2,83 Gb Free Space | 75,85% Space Free | Partition Type: FAT32
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.4.0.1
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA42404-0150-4AB9-BCA7-8168E25773DF}" = StarMoney 7.0
"{52088EA2-01DB-4A59-A302-A5C27DCD85AC}" = StarMoney 8.0
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7311DD3C-412D-4A6A-B12C-A088391C6EF5}" = Elcomsoft Phone Password Breaker
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AE8768A-5C84-4EC6-9504-A2D37A8C6E99}" = Nitro PDF Reader
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINTR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.POWERPOINTR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE15050E-1FCF-4E23-B10F-65194C7A73EC}" = C3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD3DD99A-BA74-49FD-809D-B96FF518F4FB}" = KFZ-Fahrtenbuch 3
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"1&1 EasyLogin" = 1&1 EasyLogin
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DTGDesktop" = Documents To Go Desktop for iPhone
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Foxit PDF Editor" = Foxit PDF Editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Logitech Vid" = Logitech Vid HD
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.POWERPOINTR" = Microsoft PowerPoint 2010
"PDF Editor 3" = PDF Editor 3
"Personal Backup 5_is1" = Personal Backup 5.0
"PhotoScape" = PhotoScape
"SP6" = Logitech SetPoint 6.30
"SpeedFan" = SpeedFan (remove only)
"Steam App 102700" = Alliance of Valiant Arms
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"User Control_is1" = User Control
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

btt2378 21.12.2011 04:46
Hier nochmal die Werte als Datei Upload.

kira 22.12.2011 07:53
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
absichtlich installiert?:
Zitat:
1&1 EasyLogin
2.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:
Code:
McAfee Security Scan Plus
obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

3.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
  • per Doppelklick starten.
  • gleich mal die Datenbanken zu aktualisieren - online updaten
  • Vollständiger Suchlauf wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

4.
falsch installiert!:
Zitat:
Folder = C:\Windows\system32
also OTL wieder entfernen und erneut herunterladen:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

5.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

btt2378 22.12.2011 16:34
Hey, hier die Files

Code:
Logfile Malewarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122202

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.12.2011 12:58:41
mbam-log-2011-12-22 (12-58-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 395908
Laufzeit: 1 Stunde(n), 44 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL Logfile:
Code:
OTL logfile created on: 22.12.2011 11:22:55 -

Run 3 OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\ck\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 42,18% Memory free
6,00 Gb Paging File | 3,92 Gb Available in Paging File | 65,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 393,81 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ck\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\G Data\AntiVirus\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Programme\IZArc\IZArcCM.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVKService) -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb79?a=1ex5XM9l7OY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 92 AA 65 6D 85 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.googel.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.17 18:37:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 16:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 20:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 08:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.05 20:55:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.27 16:28:07 | 000,000,000 | ---D | M]
 
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions
[2010.10.21 19:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.21 18:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions
[2011.12.21 18:01:43 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.07 10:28:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.06 09:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ck\AppData\Roaming\mozilla\Firefox\Profiles\frwfkery.default\extensions\nostmp
[2011.12.19 19:12:49 | 000,000,933 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\11-suche.xml
[2011.05.25 15:15:10 | 000,000,963 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml
[2011.12.19 19:12:50 | 000,002,419 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:12:49 | 000,010,525 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\gmx-suche.xml
[2011.12.19 19:12:49 | 000,002,457 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\lastminute.xml
[2011.06.07 17:27:01 | 000,002,195 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\MyStart Search.xml
[2011.12.19 19:12:49 | 000,005,508 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\webde-suche.xml
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.12.21 15:11:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
() (No name found) -- C:\USERS\CK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRWFKERY.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
[2011.11.09 16:26:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011.10.01 22:06:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 22:06:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 22:06:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 22:06:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 22:06:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 22:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ck\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\
CHR - Extension: Google Mail = C:\Users\ck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2010.11.23 11:07:59 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [opera.exe] C:\Users\ck\AppData\Roaming\Opera\Opera\opera.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced:  = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ck\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74878C43-52FA-45FF-B185-972D8D021712}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.22 11:25:34 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\log files 22.12
[2011.12.22 11:20:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ck\Desktop\OTL.exe
[2011.12.22 11:13:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.21 18:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011.12.21 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.21 15:12:08 | 000,049,016 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.12.21 15:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2012
[2011.12.21 15:11:19 | 000,041,336 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.12.21 15:11:18 | 000,079,992 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.12.21 15:11:17 | 000,040,440 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.12.21 15:11:17 | 000,029,560 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys
[2011.12.21 15:11:15 | 000,054,648 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.12.21 15:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011.12.21 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2011.12.21 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011.12.21 15:04:11 | 354,192,696 | ---- | C] (G Data Software AG) -- C:\Users\ck\Desktop\GER_R_FUL_2012_AV.exe
[2011.12.21 15:04:10 | 002,002,416 | ---- | C] (Trend Micro Inc.) -- C:\Users\ck\Desktop\HousecallLauncher.exe
[2011.12.21 13:16:49 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.21 13:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.21 13:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.21 13:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.21 13:15:52 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\ck\Desktop\aswMBR.exe
[2011.12.21 04:32:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Windows\System32\OTL.exe
[2011.12.21 04:11:03 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Malwarebytes
[2011.12.21 04:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.21 04:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.21 04:10:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.21 04:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.21 03:47:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.21 00:46:30 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Opera
[2011.12.20 23:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.12.20 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.12.18 22:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011.12.18 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\QuickScan
[2011.12.18 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.18 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Google
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Deployment
[2011.12.18 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Local\Apps
[2011.12.16 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011.12.16 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\ck\AppData\Roaming\ijjigame
[2011.12.14 23:03:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 23:03:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 23:03:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 23:03:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 23:03:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 23:03:30 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 23:03:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 23:03:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 23:03:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 23:03:20 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 23:03:19 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 12:15:56 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\skoda
[2011.12.03 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\ck\Desktop\Bewerbungsordner new
[2011.11.27 21:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2011.11.27 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2011.11.25 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\ck\Documents\DolbyAxon
[2011.11.25 13:35:48 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v13.0.0.ocx
[2011.11.25 13:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
[2011.11.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\DolbyAxon
[2011.11.24 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.22 11:34:57 | 000,000,164 | ---- | M] () -- C:\Windows\System32\SWCTL.DLL
[2011.12.22 11:20:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ck\Desktop\OTL.exe
[2011.12.22 11:13:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.22 11:04:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.22 10:34:48 | 000,170,772 | ---- | M] () -- C:\Users\ck\Desktop\andels angebot.pdf
[2011.12.22 10:01:54 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 10:01:53 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 09:56:00 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.22 09:54:28 | 000,501,690 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.12.22 09:54:28 | 000,035,305 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.12.22 09:53:37 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.12.22 09:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.22 09:53:19 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 18:31:22 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011.12.21 17:06:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 17:06:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 17:06:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 17:06:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 16:22:14 | 000,079,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.12.21 16:22:14 | 000,054,648 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.12.21 16:22:14 | 000,041,336 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.12.21 16:22:14 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.12.21 15:49:17 | 000,307,794 | ---- | M] () -- C:\Users\ck\AppData\Local\census.cache
[2011.12.21 15:49:13 | 000,132,740 | ---- | M] () -- C:\Users\ck\AppData\Local\ars.cache
[2011.12.21 15:12:08 | 000,049,016 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.12.21 15:11:17 | 000,029,560 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys
[2011.12.21 14:46:18 | 002,002,416 | ---- | M] (Trend Micro Inc.) -- C:\Users\ck\Desktop\HousecallLauncher.exe
[2011.12.21 13:16:37 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.21 12:20:42 | 354,192,696 | ---- | M] (G Data Software AG) -- C:\Users\ck\Desktop\GER_R_FUL_2012_AV.exe
[2011.12.21 04:10:58 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 03:10:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\OTL.exe
[2011.12.21 03:05:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\ck\Desktop\aswMBR.exe
[2011.12.21 01:03:47 | 000,353,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.18 23:55:48 | 000,100,935 | ---- | M] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:38:29 | 000,240,184 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2011.12.18 22:38:28 | 000,446,160 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2011.12.18 22:10:21 | 000,270,050 | ---- | M] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 22:04:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.12.15 00:27:06 | 000,008,893 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2011.11.24 22:36:44 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:24:13 | 000,007,607 | ---- | M] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.11.24 05:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.22 10:34:48 | 000,170,772 | ---- | C] () -- C:\Users\ck\Desktop\andels angebot.pdf
[2011.12.22 09:54:28 | 000,501,690 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.12.22 09:54:28 | 000,035,305 | ---- | C] () -- C:\Windows\System32\nmp.map
[2011.12.21 18:31:23 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.21 18:31:22 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011.12.21 13:16:37 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.21 04:10:58 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.18 23:55:48 | 000,100,935 | ---- | C] () -- C:\ProgramData\1324248838.bdinstall.bin
[2011.12.18 22:10:21 | 000,270,050 | ---- | C] () -- C:\ProgramData\1324242039.bdinstall.bin
[2011.12.18 22:07:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011.12.18 21:59:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:54 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
[2011.11.24 22:36:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.11.24 22:21:47 | 000,007,607 | ---- | C] () -- C:\Users\ck\AppData\Local\resmon.resmoncfg
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2011.10.12 11:49:41 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Channel
[2011.10.12 11:49:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.10.12 11:49:41 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Chiller
[2011.10.12 11:49:06 | 000,000,268 | RH-- | C] () -- C:\Users\ck\AppData\Roaming\Carbon
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.10.12 11:49:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Contents
[2011.10.12 11:49:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
[2011.08.27 13:53:37 | 000,307,794 | ---- | C] () -- C:\Users\ck\AppData\Local\census.cache
[2011.08.27 13:53:24 | 000,132,740 | ---- | C] () -- C:\Users\ck\AppData\Local\ars.cache
[2011.08.05 21:59:05 | 000,000,036 | ---- | C] () -- C:\Users\ck\AppData\Local\housecall.guid.cache
[2011.07.31 20:09:08 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.07.18 08:08:52 | 000,000,164 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.07.18 08:08:52 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.07.18 08:08:50 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2011.07.18 08:08:49 | 000,000,590 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.06.15 18:53:50 | 000,241,182 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.06.15 18:53:50 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.06.07 17:13:26 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011.05.10 23:57:00 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011.05.04 11:39:33 | 000,132,420 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.27 16:46:00 | 000,237,206 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2011.03.27 16:46:00 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2011.03.27 16:40:34 | 000,236,543 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.03.27 16:40:34 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2011.03.27 16:25:10 | 000,196,991 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011.03.27 16:25:10 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2010.11.17 18:23:12 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.11.17 18:03:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.05 19:24:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.05 18:45:32 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.10.05 18:45:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.07 14:40:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.10.07 14:38:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.10.07 14:38:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,353,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
--- --- ---


Code:
OTL Extras

TL Extras logfile created on: 22.12.2011 11:22:55 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\ck\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 42,18% Memory free
6,00 Gb Paging File | 3,92 Gb Available in Paging File | 65,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 393,81 Gb Free Space | 84,57% Space Free | Partition Type: NTFS
 
Computer Name: CK-PC | User Name: ck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.4.0.1
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA42404-0150-4AB9-BCA7-8168E25773DF}" = StarMoney 7.0
"{52088EA2-01DB-4A59-A302-A5C27DCD85AC}" = StarMoney 8.0
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7311DD3C-412D-4A6A-B12C-A088391C6EF5}" = Elcomsoft Phone Password Breaker
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AE8768A-5C84-4EC6-9504-A2D37A8C6E99}" = Nitro PDF Reader
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINTR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.POWERPOINTR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.POWERPOINTR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD3DD99A-BA74-49FD-809D-B96FF518F4FB}" = KFZ-Fahrtenbuch 3
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DTGDesktop" = Documents To Go Desktop for iPhone
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Foxit PDF Editor" = Foxit PDF Editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HitmanPro35" = Hitman Pro 3.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.POWERPOINTR" = Microsoft PowerPoint 2010
"PDF Editor 3" = PDF Editor 3
"Personal Backup 5_is1" = Personal Backup 5.0
"PhotoScape" = PhotoScape
"SP6" = Logitech SetPoint 6.30
"SpeedFan" = SpeedFan (remove only)
"Steam App 102700" = Alliance of Valiant Arms
"Uninstall_is1" = Uninstall 1.0.0.1
"User Control_is1" = User Control
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
Code:

AAVUpdateManager        Akademische Arbeitsgemeinschaft        01.10.2010        14,5MB        12.00.0000
ABC Amber Audio Converter                04.12.2010               
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        04.10.2010        6,00MB        10.1.85.3
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        17.11.2011        6,00MB        11.1.102.55
Adobe Reader 9.4.6 - Deutsch        Adobe Systems Incorporated        21.09.2011        263MB        9.4.6
Alliance of Valiant Arms                24.06.2011               
Apple Application Support        Apple Inc.        22.10.2011        61,2MB        2.1.5
Apple Mobile Device Support        Apple Inc.        22.10.2011        24,3MB        4.0.0.96
Apple Software Update        Apple Inc.        22.10.2011        2,38MB        2.1.3.127
Bonjour        Apple Inc.        22.10.2011        1,02MB        3.0.0.10
Bullzip PDF Printer 7.2.0.1304        Bullzip        06.07.2011        6,41MB        7.2.0.1304
CCleaner        Piriform        06.10.2011                3.11
CDBurnerXP        CDBurnerXP        30.10.2011        12,0MB        4.3.8.2631
CloneDVD2        Elaborate Bytes        04.10.2010               
COMPUTERBILD-Abzockschutz        J3S        29.03.2011        2,24MB        1.0.30
cyberJack Base Components        REINER SCT        30.07.2011                6.9.12
devolo dLAN-Konfigurationsassistent        devolo AG        20.08.2011                9.0.0.0
devolo EasyClean        devolo AG        20.08.2011                3.0.0.0
devolo EasyShare        devolo AG        20.08.2011                4.0.0.0
devolo Informer        devolo AG        20.08.2011                15.0.0.0
DHTML Editing Component        Microsoft Corporation        11.10.2011        0,54MB        6.02.0001
DivX-Setup        DivX, LLC        16.07.2011                2.5.0.15
Documents To Go Desktop for iPhone        DataViz, Inc.        25.06.2011                2.0000.006
Dolby Axon - 1.4.0.1        Dolby Laboratories        24.11.2011        24,8MB        1.4.0.1
Dropbox        Dropbox, Inc.        22.06.2011                1.1.35
Elcomsoft Phone Password Breaker        Elcomsoft Co. Ltd.        26.11.2011        9,40MB        1.81.1077.899
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        26.10.2010        8,19MB       
Free YouTube Download version 3.0.13.815        DVDVideoSoft Ltd.        27.08.2011        42,0MB       
Free YouTube to MP3 Converter version 3.10.11.923        DVDVideoSoft Ltd.        11.10.2011        42,4MB       
G Data AntiVirus 2012        G Data Software AG        20.12.2011        65,6MB        22.0.0.0
Google Chrome        Google Inc.        17.12.2011                16.0.912.63
GPL Ghostscript Lite 8.70                06.07.2011        12,8MB       
Hitman Pro 3.5        SurfRight B.V.        20.12.2011                3.5.9.131
HP Customer Participation Program 13.0        HP        26.03.2011                13.0
HP Document Manager 2.0        HP        26.03.2011                2.0
HP Imaging Device Functions 13.0        HP        26.03.2011                13.0
HP Officejet 4500 G510a-f        HP        26.03.2011                13.0
HP Officejet 4500 G510g-m        HP        26.03.2011                13.0
HP Officejet 4500 G510n-z        HP        14.06.2011                13.0
HP Smart Web Printing 4.5        HP        26.03.2011                4.5
HP Update        Hewlett-Packard        26.03.2011        3,73MB        4.000.011.006
iCloud        Apple Inc.        18.10.2011        23,6MB        1.0.1.29
IncrediMail 2.0        IncrediMail Ltd.        21.08.2011                6.2.9.5055
iTunes        Apple Inc.        22.10.2011        168,7MB        10.5.0.142
IZArc 4.1.2        Ivan Zahariev        30.09.2010        13,8MB        4.1.2
Java(TM) 6 Update 22        Oracle        08.11.2011        97,1MB        6.0.220
Java(TM) 6 Update 26        Oracle        04.10.2010        97,0MB        6.0.260
KFZ-Fahrtenbuch 3        Krämer IT Solutions GmbH        28.02.2011        29,7MB        3.0.80.0
Logitech SetPoint 6.30        Logitech        12.07.2011        39,1MB        6.30.43
Logitech Vid HD        Logitech Inc..        06.06.2011                7.2 (7248)
Logitech Webcam Software        Logitech Inc.        06.06.2011        43,9MB        12.10.1113
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        20.12.2011        13,8MB        1.51.2.1300
MediaMonkey 3.2        Ventis Media Inc.        15.10.2011                3.2
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        19.10.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        19.10.2010        2,94MB        4.0.30319
Microsoft PowerPoint 2010        Microsoft Corporation        10.11.2011                14.0.6029.1000
Microsoft PowerPoint Viewer        Microsoft Corporation        13.12.2011        175,7MB        14.0.6029.1000
Microsoft Silverlight        Microsoft Corporation        12.10.2011        140,1MB        4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        03.11.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        31.03.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        04.10.2010        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        04.10.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.12.2011        15,0MB        10.0.40219
MobileMe Control Panel        Apple Inc.        18.10.2011        12,9MB        3.1.8.0
Mozilla Firefox 8.0 (x86 de)        Mozilla        08.11.2011        36,9MB        8.0
Mozilla Thunderbird (8.0)        Mozilla        14.11.2011                8.0 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        06.10.2010        37,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        06.10.2010        1,33MB        4.20.9876.0
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        09.07.2011        36,00KB        4.20.9818.0
NEC Electronics USB 3.0 Host Controller Driver        NEC Electronics Corporation        27.12.2010        0,97MB        1.0.20.0
Nikon Message Center 2        Nikon        11.10.2011        5,20MB        2.0.1
Nikon Movie Editor        Nikon        11.10.2011        27,0MB        2.2.1
Nitro PDF Reader        Nitro PDF Software        07.03.2011        80,1MB        1.4.0.11
Nur Deinstallierung der CopyTrans Suite möglich.        WindSolutions        07.11.2010                2.15
NVIDIA 3D Vision Controller-Treiber 285.62        NVIDIA Corporation        25.10.2011                285.62
NVIDIA 3D Vision Treiber 285.62        NVIDIA Corporation        25.10.2011                285.62
NVIDIA Drivers        NVIDIA Corporation        16.11.2010        66,3MB        1.10.62.40
NVIDIA Grafiktreiber 285.62        NVIDIA Corporation        25.10.2011                285.62
NVIDIA PhysX-Systemsoftware 9.11.0621        NVIDIA Corporation        25.10.2011                9.11.0621
NVIDIA Update 1.5.20        NVIDIA Corporation        25.10.2011                1.5.20
OCR Software by I.R.I.S. 13.0        HP        26.03.2011                13.0
Olympus ib        OLYMPUS IMAGING CORP.        09.07.2011        274MB        1.3.2207
OLYMPUS Viewer 2        OLYMPUS IMAGING CORP.        09.07.2011        0,20MB        1.1.1
OpenOffice.org 3.3        OpenOffice.org        08.11.2011        424MB        3.3.9567
PDF Editor 3                16.11.2010               
PDF24 Creator 3.0.0        PDF24.org        01.05.2011        33,2MB       
Personal Backup 5.0        J. Rathlev        27.12.2010               
PhotoScape                03.12.2010               
Picture Control Utility        Nikon        11.10.2011        26,0MB        1.3.0
PixelPlanet PdfPrinter 6        PixelPlanet        15.11.2010        34,2MB        6.02.9
QuickTime        Apple Inc.        04.08.2011        73,0MB        7.70.80.34
REACTOR        ijji        14.11.2011                1.00.0000
RENESIS® Player Browser Plugins        examotion® GmbH        02.11.2010        1,83MB        1.1.1
Safari        Apple Inc.        18.10.2011        43,2MB        5.34.51.22
SES Driver        Western Digital        18.05.2011        24,00KB        1.0.0
SpeedFan (remove only)                23.11.2011               
StarMoney 7.0        Star Finanz GmbH        20.12.2011                7.0
StarMoney 8.0        Star Finanz GmbH        27.04.2011                8.0
Steam        Valve Corporation        23.06.2011        35,5MB        1.0.0.0
SUPERAntiSpyware        SUPERAntiSpyware.com        20.12.2011        75,3MB        5.0.1142
Ulead PhotoImpact X3        Corel        11.10.2011        286MB        13.0
Uninstall 1.0.0.1                23.04.2011        10,9MB       
User Control        Salfeld Computer GmbH        17.07.2011        52,5MB       
ViewNX 2        Nikon        11.10.2011        51,6MB        2.2.1
WD SmartWare        Western Digital        18.05.2011        35,1MB        1.4.5.5
Windows Live Essentials        Microsoft Corporation        24.07.2011                15.4.3538.0513
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        04.12.2010        5,58MB        15.4.5722.2
Windows Media Player Firefox Plugin        Microsoft Corp        03.04.2011        0,29MB        1.0.0.8
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)        OLYMPUS IMAGING CORP.        09.07.2011                09/09/2009 1.0.0.0
WinPcap 4.1.2        CACE Technologies        13.08.2011                4.1.0.2001
WinRAR 4.00 (32-Bit)        win.rar GmbH        18.04.2011                4.00.0

kira 23.12.2011 05:37
1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.05.25 15:15:10 | 000,000,963 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml
[2011.10.01 22:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [opera.exe] C:\Users\ck\AppData\Roaming\Opera\Opera\opera.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions present
[2011.12.16 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011.12.22 11:04:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job
[2011.12.18 21:59:54 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job
@Alternate Data Stream - 168 bytes -> C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b

:Commands
[purity]
[emptytemp]

2.
Start- und Suchseite..hast Du selbst eingetragen? oder sollten wir rauslöschen?:
Code:
[2011.12.19 19:12:49 | 000,000,933 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\11-suche.xml
[2011.12.19 19:12:49 | 000,010,525 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\gmx-suche.xml
[2011.12.19 19:12:49 | 000,002,457 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\lastminute.xml
[2011.06.07 17:27:01 | 000,002,195 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\MyStart Search.xml
[2011.12.19 19:12:49 | 000,005,508 | ---- | M] () -- C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\webde-suche.xml
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/mb79?a=1ex5XM9l7OY
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.7
FF - prefs.js..keyword.URL: "http://go.web.de/tb/mff_keyurl_search/?su="
3.
deinstalliere:
Zitat:
Hitman Pro 3.5
4.
gilt als unsicher:
Zitat:
IncrediMail
5.
Java aktualisieren
Deine Javaversion ist nicht aktuell.
Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

6.
Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten!
falls noch existieren...deinstalliere:
Zitat:
Java(TM) 6 Update 22
Java(TM) 6 Update 26
7.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

8.
reinige dein System mit CCleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

9.
  • SUPERAntiSpyware FREE Edition updaten
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

10.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

11.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

12.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird Gmer beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

13.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
  • Downloade die MBR.exe von Gmer und
    kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
    Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
  • Start => ausführen => cmd (da reinschreiben) => OK
    es öffnet sich eine Eingabeaufforderung.

    Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
  • Nach dem Prompt (>_) folgenden

    aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
    Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (Enter drücken)
  • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
    Bitte kopiere den Inhalt hier in Deinen Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

btt2378 23.12.2011 17:54
Code:
otl

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{990af1c2-5a27-4460-8149-ecc6bc122af3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990af1c2-5a27-4460-8149-ecc6bc122af3}\ not found.
Prefs.js: engine@conduit.com:3.3.5.1 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Users\ck\AppData\Roaming\Mozilla\Firefox\Profiles\frwfkery.default\searchplugins\conduit.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll moved successfully.
File C:\Users\ck\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\opera.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ToolbarsRestrictions\ deleted successfully.
C:\Program Files\Common Files\Bitdefender\setupinformation\extern folder moved successfully.
C:\Program Files\Common Files\Bitdefender\setupinformation folder moved successfully.
C:\Program Files\Common Files\Bitdefender folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001UA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-950739908-1822096089-279015882-1001Core.job moved successfully.
Unable to delete ADS C:\Users\ck\Desktop\Gewerbeschein_C.Kuhn.jpeg:3or4kl4x13tuuug3Byamue2s4b .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 754821363 bytes
->Temporary Internet Files folder emptied: 838588 bytes
->FireFox cache emptied: 149993848 bytes
->Flash cache emptied: 470 bytes
 
User: All Users
 
User: ck
->Temp folder emptied: 852623697 bytes
->Temporary Internet Files folder emptied: 51992398 bytes
->Java cache emptied: 6798016 bytes
->FireFox cache emptied: 178068568 bytes
->Google Chrome cache emptied: 8048335 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1903 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Test
->Temp folder emptied: 57658475 bytes
->Temporary Internet Files folder emptied: 33300879 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 135892491 bytes
->Flash cache emptied: 2440 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47677284 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.172,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12232011_135001

Files\Folders moved on Reboot...
File\Folder C:\Users\ck\AppData\Local\Temp\2011-05-11-1140621187_04-RG.PDF  not found!
File\Folder C:\Users\ck\AppData\Local\Temp\2011-06-14-1150221449_04-RG.PDF  not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\etilqs_WJgEIROSQYDWy8CSAlax not found!
File\Folder C:\Windows\temp\etilqs_YznoYQlgxBFfuSzYfZmG not found!

Registry entries deleted on Reboot...
Code:
super anti spy
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 12/22/2011 bei 04:47 PM

Version der Applikation : 5.0.1142

Version der Kern-Datenbank : 8081
Version der Spur-Datenbank : 5893

Scan Art      : kompletter Scann
Totale Scann-Zeit : 00:00:11

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Gescannte Speicherelemente  : 0
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 0
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 2
Erfasste Datei-Elemente  : 0
[code]gmer
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-23 17:44:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000072 ST350041 rev.CC44
Running: n8flsyow.exe; Driver: C:\Users\ck\AppData\Local\Temp\pxldqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                                      82C84369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                              82CBDD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!SetWindowLongA                                                              779D8BA3 5 Bytes  JMP 60523A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!SetWindowLongW                                                              779E4449 5 Bytes  JMP 60523A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!GetWindowInfo                                                                779E4B5E 5 Bytes  JMP 602CC909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[1180] USER32.dll!TrackPopupMenu                                                              779F2228 5 Bytes  JMP 602CCEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6020] ntdll.dll!LdrLoadDll                                                                            77B022B8 5 Bytes  JMP 6014B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75B2FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                    [74792437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [74775600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                              [747756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [747924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [74788514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [74784CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                            [7478506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [74785144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                  [74786671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                            [7478826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [747887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [7478901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [7478E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [74784BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000005b                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21984c                                                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21984c@a8f274dc2a57                                                            0x80 0x76 0xBA 0xAC ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd21984c@109add27ada5                                                            0x78 0xB5 0x5A 0x66 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21984c (not active ControlSet)                                                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21984c@a8f274dc2a57                                                                0x80 0x76 0xBA 0xAC ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd21984c@109add27ada5                                                                0x78 0xB5 0x5A 0x66 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\Temp\TMP000009BF2EDB49BDC4BDBDBE                                                                                                        0 bytes

---- EOF - GMER 1.0.15 ----
--- --- ---

kira 24.12.2011 07:33
10.,11., und 13., bitte noch


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19