Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Sirefef.bv.2 in System32 - verschiedene Dateien (https://www.trojaner-board.de/112471-sirefef-bv-2-system32-verschiedene-dateien.html)

c0re1 28.03.2012 07:59
Sirefef.bv.2 in System32 - verschiedene Dateien
 
Liebe Helfer,

seit ein paar Tagen kommt immer wieder die Meldung meines Virenscanners, dass verschiedene Dateien im System32-Ordner mit dem Sirefef.bv.2 infiziert seien.
Das Entfernen dieser Dateien führt nicht weiter weil neue auftauchen.

Hier die Infos gem. der Anleitung:

1. defogger friert nach dem disable ein. Hier die gebildete defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 26/03/2012 (Hans Mustermann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


2. DDS und attach:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by *** at 15:41:30 on 2012-03-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.1967 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\TEMP\qyecsj\setup.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\rpcnet.exe
C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
mStart Page = about:
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Google Update] "c:\users\***\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ocs_SM] c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizer.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
dRun: [ImperioServer] c:\program files\imperio\imperio server\ImperioServer.exe MIN
dRun: [NTsrv] c:\windows\temp\tqcsbb\setup.exe
StartupFolder: c:\users\bertra~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Alles mit FDM herunterladen - file://c:\program files\free download manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\free download manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\free download manager\dllink.htm
IE: Free YouTube Download - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\free download manager\dlfvideo.htm
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59D881D9-BB50-4E09-8623-7F4B65C90596} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\0553 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\142736F627D2537344245373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\16C6963656E27776 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\4435C475C414E4D4F64656D6230303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\64259445A51224F6870264F6E60275C414E40273137303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\830323E21387 : DhcpNameServer = 134.2.200.2 134.2.3.191
TCP: Interfaces\{BC893878-2B76-4518-86C8-D7680A8E757C} : DhcpNameServer = 10.93.8.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\q30dsgm9.default\
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\***\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 AMService;AMService;c:\windows\temp\qyecsj\setup.exe run --> c:\windows\temp\qyecsj\setup.exe run [?]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2012-3-7 40560]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-14 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-14 12464]
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-2-21 13440]
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\drivers\OCDE.sys [2007-8-25 30480]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-8 566560]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 74640]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizerHelper.exe [2011-3-29 40960]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-3-11 245760]
R3 NETwLv32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-11-18 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-12-12 10240]
S2 nod32krn;Whoisd32;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-2-25 30312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-7-14 13184]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-3-7 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-3-7 11104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-25 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-25 136680]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-2-25 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-2-25 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-2-25 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2011-2-25 100352]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-19 1343400]
S3 wxpSvc;webcamXP Service;c:\program files\webcamxp 5\wService.exe [2011-7-27 5023744]
.
=============== Created Last 30 ================
.
2012-03-24 10:25:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 17:03:08 -------- d-----w- c:\program files\Origin Games
2012-03-19 17:02:47 -------- d-----w- c:\users\***\appdata\local\Origin
2012-03-19 17:02:46 -------- d-----w- c:\programdata\Origin
2012-03-19 17:00:21 -------- d-----w- c:\users\***\appdata\roaming\Origin
2012-03-19 17:00:20 -------- d-----w- c:\programdata\Electronic Arts
2012-03-19 17:00:08 -------- d-----w- c:\program files\Origin
2012-03-14 20:55:44 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 20:55:43 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:00:13 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:00:12 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:54:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:54:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:54:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:54:38 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:54:38 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:54:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 19:38:24 -------- d-----w- c:\users\***\appdata\roaming\Zeon
2012-03-11 19:33:57 -------- d-----w- c:\users\***\appdata\roaming\FLEXnet
2012-03-11 19:33:47 -------- d-----w- c:\users\***\appdata\roaming\ControlCenter4
2012-03-11 19:25:33 -------- d-----w- C:\Brother
2012-03-11 19:25:28 -------- d-----w- c:\programdata\ControlCenter4
2012-03-11 19:25:28 -------- d-----w- c:\program files\Browny02
2012-03-11 19:25:21 -------- d-----w- c:\program files\ControlCenter4
2012-03-11 19:16:55 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-03-11 19:16:55 1475072 ----a-w- c:\windows\system32\BrWi209d.dll
2012-03-11 19:16:52 55808 ----a-w- c:\windows\system32\BrUsi09d.dll
2012-03-11 19:16:51 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-03-11 19:16:48 103736 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2012-03-11 19:16:46 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-03-11 19:16:46 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-03-11 19:14:02 -------- d-----w- c:\programdata\zeon
2012-03-11 19:13:00 -------- d-----w- c:\users\***\appdata\roaming\Nuance
2012-03-11 19:12:04 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-03-11 19:12:00 -------- d-----w- c:\programdata\Nuance
2012-03-11 19:12:00 -------- d-----w- c:\program files\Nuance
2012-03-07 17:21:36 -------- d-----w- c:\users\***\appdata\local\DDMSettings
2012-03-07 08:16:18 -------- d-----w- c:\programdata\createonepart
2012-03-07 08:16:12 -------- d-----w- c:\programdata\explauncher
2012-03-07 08:16:11 -------- d-----w- c:\programdata\launcher
2012-03-07 08:15:44 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-03-07 08:15:32 -------- d-----w- c:\program files\Paragon Software
2012-03-07 08:01:47 922184 ----a-w- c:\windows\system32\pwNative.exe
2012-03-07 08:01:46 16472 ------w- c:\windows\system32\pwdrvio.sys
2012-03-07 08:01:45 11104 ------w- c:\windows\system32\pwdspio.sys
2012-03-07 08:01:40 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.1
2012-03-01 12:06:36 -------- d-----w- c:\program files\Hamachi
.
==================== Find3M ====================
.
2012-03-26 13:35:10 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-26 13:35:07 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-03-24 10:26:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 21:37:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-16 21:29:17 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-22 13:31:01 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST9120822AS rev.3.CLF -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83408000]<< >>UNKNOWN [0x8CF99000]<< >>UNKNOWN [0x8CF88000]<< >>UNKNOWN [0x86FD3FD0]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x83436FAE] -> \Device\Harddisk0\DR0[0x86CE9A10]
\Driver\Disk[0x86CE8B38] -> IRP_MJ_CREATE -> 0x8CF9D39F
3 [0x8CF9D59E] -> nt!IofCallDriver[0x83436FAE] -> [0x87012EF8]
\Driver\00001221[0x86DFD180] -> IRP_MJ_CREATE -> 0x86FD3FD0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:45:48,29 ===============


attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 18.05.2010 23:41:46
System Uptime: 26.03.2012 15:32:51 (0 hours ago)
.
Motherboard: LENOVO | | IEL10
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 106 GiB total, 1,135 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 5 GiB total, 5,045 GiB free.
G: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
ABBYY FineReader 9.0 Professional Edition
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
Advertising Center
Alnera FeedBuster
AmoK Playlist Copy 2.06
ANNO 1602 Königs-Edition
Anti-Twin (Installation 06.09.2011)
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audible Download Manager
AudibleManager
Audiograbber 1.83 SE
Audiograbber MP3-Plugin
Auto Gordian Knot 2.55
Avira Free Antivirus
AviSynth 2.5
BGHSt CD-ROM - Grundwerk Band 1-46
BGHZ CD-ROM - Grundwerk Band 1-146
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite DCP-7010
Brother MFL-Pro Suite DCP-7055
Camtasia Studio 7
capella 7
CCleaner
CDBurnerXP
Cisco Systems VPN Client 5.0.07.0290
CloneDVD2
Compatibility Pack für 2007 Office System
Convert AVI to MP4 1.3
D-Fend Reloaded 1.0.3 (deinstallieren)
D3DX10
DAEMON Tools Lite
Desktop Icon für Amazon
Digital Video Repair 2.2.0.1
DivX-Setup
DolbyFiles
Dropbox
Efficient Elements for presentations 1.3.0.78
eSupport UndeletePlus 3.0.2.1214
FIFA 10
Fifa 12 (c) Electronic Arts version 1
FIFA 2001
Firebird SQL Server - MAGIX Edition
FormatFactory 2.70
Free Download Manager 3.0
Free M4a to MP3 Converter 6.2
Free Studio version 4.6
Gigaflat
GoldWave v5.58
GOM Player
Google Chrome
Google Earth Plug-in
Google Gears
Google Talk Plugin
Google Update Helper
Hama Webcam Suite
High-Definition Video Playback
Hotspot Shield 2.24
ICQ 7.6 Build #5618 Banner Remover 1.0
ICQ Status Checker 1.8
ICQ7.6
ImagXpress
IrfanView (remove only)
iRotate
iTunes
Java Auto Updater
Java(TM) 6 Update 26
JDownloader
Kuffs Password Safe
Last.fm 1.5.4.27091
Logitech iTouch Software
LogMeIn Hamachi
LucasArts Star Wars: Episode I Racer
Lyrics Plugin for Winamp
Magic ISO Maker v5.5 (build 0281)
MediaCoder PMP Edition
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 7.1
Movie Templates - Starter Kit
Mozilla Firefox 8.0.1 (x86 de)
Mozilla Thunderbird 11.0 (x86 de)
MSVC80_x86
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
mufin player 2.5
MusicBrainz Tagger 0.10.5
MyFreeCodec
MyPhoneExplorer
Nat Geo Quiz! Wild Life
NAVIGON Fresh 3.2.0
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero Express 11
Nero Express 11 Help (CHM)
Nero InfoTool
Nero Installer
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero RescueAgent Help
Nero ShowTime
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero StartSmart
Nero StartSmart Help
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero Vision
Nero WaveEditor
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
Nero WaveEditor Help
nero.prerequisites.msi
NeroBurningROM
NeroExpress
neroxml
NetBalancer
No23 Recorder
Nokia Connectivity Cable Driver
NoteBurner 2.31
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.2
Opera 11.50
Oracle VM VirtualBox 4.1.8
Origin
Original CD Emulator Personal Edition
PaperPort Image Printer
Paragon Partition Manager™ 11 Free Edition
PC Connectivity Solution
PDF Combine
PDFCreator
PL-2303 USB-to-Serial
Prince of Persia T2T
Privoxy (remove only)
ProtectDisc Driver, Version 11
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Rosetta Stone Version 3
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scansoft PDF Professional
Schlag den Raab
SearchAnonymizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SHOUTcast Source DSP 1.9.1 (remove only)
Shutdown Buddy 1.0.0
simfy
Skype Click to Call
Skype™ 5.8
SopCast 3.2.9
SoundTrax
SRWare Iron 14.0.850.0
Streamripper (Remove only)
StreamTorrent 1.0
StreamTransport version: 1.0.2.2171
Subtitle Workshop 2.51
SubViewer
Synaptics Pointing Device Driver
System Requirements Lab
TightVNC 2.0.2
TmUnitedForever
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VLC media player 1.0.5
vShare.tv plugin 1.3
webcamXP 5
welcome
Win7codecs
Winamp
Winamp Anwendungserkennung
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR
WISO Steuer-Sparbuch 2011
XviD MPEG4 Video Codec (remove only)
YOU DON'T KNOW JACK®
Zattoo4 4.0.5
Zip Motion Block Video codec (Remove Only)
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File ===========================


3. Gmer:

Ich habe das scannen nach etwa 24 Stunden gestoppt weil es nicht mehr weiterging. Das Log bis dahin trotzdem im Anhang.

Ich hoffe ihr könnt mir weiterhelfen.

Chris4You 28.03.2012 08:26
Hi,

das wird wohl Neuaufsetzen werden...

Bitte ein OTL-Log erstellen, lt. GMER haben wir Ihn hier (Rootkit):
C:\Windows\$NtUninstallKB21903$\2985288800

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Danach lassen wir CF los:

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

Dann MAM:
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

c0re1 28.03.2012 08:50
Danke für die schnelle Antwort. Hier die Logfiles:

OTL.Txt:
OTL Logfile:
Code:
OTL logfile created on: 28.03.2012 09:29:30 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,47% Memory free
5,99 Gb Paging File | 4,43 Gb Available in Paging File | 73,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,41 Gb Total Space | 1,12 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive E: | 5,38 Gb Total Space | 5,04 Gb Free Space | 93,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Temp\qyecsj\setup.exe ()
PRC - C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\SRWare Iron\iron.exe (SRWare)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Programme\SRWare Iron\avcodec-53.dll ()
MOD - C:\Programme\SRWare Iron\avformat-53.dll ()
MOD - C:\Programme\SRWare Iron\avutil-51.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (z800obex) -- %systemroot%\system32\ssoftservice.dll File not found
SRV - (vpcvmm) -- %systemroot%\system32\OneCareMP.dll File not found
SRV - (UsbDiag) -- %systemroot%\system32\NTIDrvr.dll File not found
SRV - (U81xmdm) -- %systemroot%\system32\avg7rsxp.dll File not found
SRV - (tsscoreservice) -- %systemroot%\system32\A4S2600.dll File not found
SRV - (tmlisten) -- %systemroot%\system32\mindretrieve.dll File not found
SRV - (tap0901) -- %systemroot%\system32\ctdvda2k.dll File not found
SRV - (susbser) -- %systemroot%\system32\portmapper.dll File not found
SRV - (Stltrk2k) -- %systemroot%\system32\USB11LDR.dll File not found
SRV - (smartscaps) -- %systemroot%\system32\wacomvhid.dll File not found
SRV - (se58bus) -- %systemroot%\system32\oracleservicesecinst.dll File not found
SRV - (se2Dnd5) -- %systemroot%\system32\vrmonsvc.dll File not found
SRV - (SANDRA) -- %systemroot%\system32\z800mdm.dll File not found
SRV - (s616mdm) -- %systemroot%\system32\lightscribeservice.dll File not found
SRV - (rtm) -- %systemroot%\system32\swupdtmr.dll File not found
SRV - (ROCKEYNT) -- %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll File not found
SRV - (RivaTuner32) -- %systemroot%\system32\pinetmgr.dll File not found
SRV - (REVOSENS) -- %systemroot%\system32\mr2kserv.dll File not found
SRV - (Rawwan) -- %systemroot%\system32\Video3D.dll File not found
SRV - (qmofiltr) -- %systemroot%\system32\mgactrl.dll File not found
SRV - (procexp90) -- %systemroot%\system32\dmserver.dll File not found
SRV - (pmounter) -- %systemroot%\system32\ndiscm.dll File not found
SRV - (pgpsdkservice) -- %systemroot%\system32\hpzid412.dll File not found
SRV - (pdscheduler) -- %systemroot%\system32\adaptecstoragemanageragent.dll File not found
SRV - (pdlnemsg) -- %systemroot%\system32\retrolauncher.dll File not found
SRV - (OracleOraHome92ClientCache) -- %systemroot%\system32\SNC.dll File not found
SRV - (ntrtscan) -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll File not found
SRV - (nod32krn) -- %systemroot%\system32\iaimtv0.dll File not found
SRV - (NETw3v32) -- %systemroot%\system32\lckfldservice.dll File not found
SRV - (nbf) -- %systemroot%\system32\autostore.dll File not found
SRV - (mqdmmdfl) -- %systemroot%\system32\ssoftservice.dll File not found
SRV - (mfcom) -- %systemroot%\system32\pxfhmdfl.dll File not found
SRV - (mcmispupdmgr) -- %systemroot%\system32\npptnt2.dll File not found
SRV - (lxcf_device) -- %systemroot%\system32\avcgbfl.dll File not found
SRV - (LPCFilter) -- %systemroot%\system32\GVCplDrv.dll File not found
SRV - (licensemanagersocket) -- %systemroot%\system32\themes.dll File not found
SRV - (ksthunk) -- %systemroot%\system32\SrvcSSIOMngr.dll File not found
SRV - (jsdaemon) -- %systemroot%\system32\ipfilterdriver.dll File not found
SRV - (imapiservice) -- %systemroot%\system32\Dell1100_FUService.dll File not found
SRV - (ihcservice) -- %systemroot%\system32\sfdrv01.dll File not found
SRV - (HWSCtrl) -- %systemroot%\system32\razerusb.dll File not found
SRV - (guardian2) -- %systemroot%\system32\ZTEusbser6k.dll File not found
SRV - (emitray) -- %systemroot%\system32\oraclesnmppeerencapsulator.dll File not found
SRV - (DritekPortIO) -- %systemroot%\system32\mdvrmng.dll File not found
SRV - (DfwWebAgent) -- %systemroot%\system32\VX3000.dll File not found
SRV - (dcsloader) -- %systemroot%\system32\awservice.dll File not found
SRV - (db2licd) -- %systemroot%\system32\agnwifi.dll File not found
SRV - (CTEXFIFX.DLL) -- %systemroot%\system32\rslinx.dll File not found
SRV - (CnxTrUsb) -- %systemroot%\system32\pcidump.dll File not found
SRV - (cfosspeed) -- %systemroot%\system32\patrol_scheduler.dll File not found
SRV - (cdaudio) -- %systemroot%\system32\dlcg_device.dll File not found
SRV - (btnhnd) -- %systemroot%\system32\agpcpq.dll File not found
SRV - (botcbs) -- %systemroot%\system32\SE2Bmdfl.dll File not found
SRV - (bltrust) -- %systemroot%\system32\ati2mtaa.dll File not found
SRV - (aw_host) -- %systemroot%\system32\cwcpsvc20.dll File not found
SRV - (ATSWPDRV) -- %systemroot%\system32\NWSAP.dll File not found
SRV - (alerter) -- %systemroot%\system32\zpjava.dll File not found
SRV - (AMService) -- C:\Windows\TEMP\qyecsj\setup.exe ()
SRV - (Hamachi2Svc) -- C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (wxpSvc) -- C:\Program Files\webcamXP 5\wService.exe (Moonware Studios)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (NetBalancer Windows Service) -- C:\Programme\NetBalancer\SeriousBit.NetBalancer.Service.exe (Microsoft)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (tvnserver) -- C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (alertservice) -- C:\Windows\System32\sparrow.dll ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (tclondrv) -- system32\DRIVERS\tclondrv.sys File not found
DRV - (NPF) -- system32\drivers\npf.sys File not found
DRV - (FsUsbExDisk) -- C:\Windows\system32\FsUsbExDisk.SYS File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (Bcim) -- system32\DRIVERS\bcim.sys File not found
DRV - (AmDriver) -- C:\Windows\system32\AMDriver.sys File not found
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (NETwLv32)    Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ntcdrdrv) -- C:\Windows\System32\drivers\ntcdrdrv.sys (NoteBurn Software)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (OCDE) -- C:\Windows\System32\drivers\OCDE.sys (ZTekWare.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (itchfltr) -- C:\Windows\System32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\Windows\System32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\Windows\System32\drivers\LCCFLTR.SYS (Logitech, Inc.)
DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)
DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:PA
IE - HKLM\..\SearchScopes,DefaultScope = {40439b93-f815-4122-8073-d03bed94c303}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-shoutcast-chromesbox-en-us
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 7D 34 AC D3 F6 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
IE - HKCU\..\SearchScopes\{084DCDAA-E105-4634-B236-6C4B7DE3B473}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3B631C1A-5821-44BE-83BF-188C95772858}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.mystart.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6D7973746172742E636F6D2F7365617263685F772E7068703F747970653D776262746F6F6C315F306D7363682666723D6368722D766D6E26713D7B7365617263685465726D737D2665693D5554462D38&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
IE - HKCU\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = hxxp://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D323638352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235302D69652D73686F7574636173742D6368726F6D6573626F782D656E2D7573&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6D255F23-0DF8-4E26-A82D-9CF0DD332544}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{812F297E-4D50-43B6-A008-CAE7BA221C12}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{82BF699D-898F-4954-8FEE-EE00CA355F76}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
IE - HKCU\..\SearchScopes\{BF05D949-8E82-4BAD-A937-1DB55CA9C848}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C3CC3850-B41C-488C-9AA9-9307825DFAE3}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.28 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.03.10 13:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.07 19:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.09 19:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.27 20:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.30 10:20:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.29 22:30:04 | 000,000,000 | ---D | M]
 
[2011.12.09 18:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.19 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.09 19:29:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.05 01:04:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.19 13:58:40 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.11.21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.29 13:36:46 | 000,004,015 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2011.03.29 13:36:46 | 000,002,345 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml
[2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Znout (de) (Enabled)
CHR - default_search_provider: search_url = hxxp://de.znout.org.anonymize-me.de/?anonymto=687474703A2F2F64652E7A6E6F75742E6F72672F7365617263682E7068703F713D7B7365617263685465726D737D&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: vshare plugin = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2011.05.18 20:18:46 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59D881D9-BB50-4E09-8623-7F4B65C90596}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC893878-2B76-4518-86C8-D7680A8E757C}: DhcpNameServer = 10.93.8.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c47b7489-58e5-11e1-9bd1-c4a4d2bbc869}\Shell - "" = AutoRun
O33 - MountPoints2\{c47b7489-58e5-11e1-9bd1-c4a4d2bbc869}\Shell\AutoRun\command - "" = J:\racer.exe
O33 - MountPoints2\{e1712cc3-6378-11df-bf6d-001c26ee4cdb}\Shell - "" = AutoRun
O33 - MountPoints2\{e1712cc3-6378-11df-bf6d-001c26ee4cdb}\Shell\AutoRun\command - "" = F:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 09:28:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.28 08:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.28 08:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.26 15:06:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.03.24 13:46:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Dateien Jacoby
[2012.03.19 19:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.03.19 19:02:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Origin
[2012.03.19 19:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.03.19 19:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.19 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.03.19 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.03.19 19:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.03.14 22:55:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.14 22:55:43 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TBBT
[2012.03.14 19:00:13 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 19:00:12 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 15:54:41 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 15:54:41 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 15:54:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 15:54:38 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.11 21:38:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Zeon
[2012.03.11 21:38:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene PaperPort-Dokumente
[2012.03.11 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet
[2012.03.11 21:33:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ControlCenter4
[2012.03.11 21:25:33 | 000,000,000 | ---D | C] -- C:\Brother
[2012.03.11 21:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012.03.11 21:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012.03.11 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012.03.11 21:16:55 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll
[2012.03.11 21:16:55 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll
[2012.03.11 21:16:52 | 000,055,808 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrUsi09d.dll
[2012.03.11 21:16:48 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012.03.11 21:16:46 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012.03.11 21:16:46 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012.03.11 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012.03.11 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance
[2012.03.11 21:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012.03.11 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012.03.11 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012.03.11 21:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.03.11 21:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012.03.11 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MeineWebSeiten
[2012.03.07 19:21:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2012.03.07 10:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\createonepart
[2012.03.07 10:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012.03.07 10:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.03.07 10:15:44 | 000,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2012.03.07 10:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 11 Free Edition
[2012.03.07 10:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012.03.07 10:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.1
[2012.03.07 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
[2012.03.05 01:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.05 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.01 14:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2012.03.01 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 09:38:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 09:38:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 09:28:15 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.28 09:12:22 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2669674786-3467101850-3848234698-1001UA.job
[2012.03.28 08:58:08 | 000,009,310 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2012.03.28 08:54:40 | 000,007,017 | ---- | M] () -- C:\Users\***\Desktop\Gmer.7z
[2012.03.28 08:49:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 08:49:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 08:47:35 | 009,311,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.28 08:47:35 | 003,602,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.28 08:47:35 | 000,344,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.28 08:47:35 | 000,055,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.28 08:39:32 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012.03.28 08:39:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012.03.28 08:38:34 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.03.28 08:38:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 08:38:20 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.27 15:12:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2669674786-3467101850-3848234698-1001Core.job
[2012.03.26 15:49:49 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\l2bg6sd1.exe
[2012.03.26 15:06:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.03.26 15:05:58 | 000,000,156 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.03.26 15:04:36 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.03.26 14:41:49 | 000,427,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.25 22:52:40 | 000,039,230 | ---- | M] () -- C:\Users\***\Desktop\Text Collage-1.pdf
[2012.03.24 13:05:19 | 000,000,914 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012.03.24 12:26:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.23 16:40:17 | 000,115,000 | ---- | M] () -- C:\Users\***\Desktop\1155l6f_20.jpeg
[2012.03.19 19:00:20 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.03.16 13:39:05 | 000,001,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.11 21:39:09 | 000,103,457 | ---- | M] () -- C:\Users\***\Desktop\Bafög bescheid.pdf
[2012.03.07 08:42:39 | 000,415,916 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012.02.29 20:02:48 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 08:58:08 | 000,009,310 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2012.03.28 08:54:40 | 000,007,017 | ---- | C] () -- C:\Users\***\Desktop\Gmer.7z
[2012.03.26 15:49:47 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\l2bg6sd1.exe
[2012.03.26 15:05:58 | 000,000,156 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.03.26 15:04:35 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.03.25 22:52:38 | 000,039,230 | ---- | C] () -- C:\Users\***\Desktop\Text Collage-1.pdf
[2012.03.24 13:05:19 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012.03.24 12:25:54 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.03.23 16:40:24 | 000,115,000 | ---- | C] () -- C:\Users\***\Desktop\1155l6f_20.jpeg
[2012.03.19 19:00:20 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.03.11 21:39:06 | 000,103,457 | ---- | C] () -- C:\Users\***\Desktop\Bafög bescheid.pdf
[2012.03.11 21:16:51 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.03.11 21:16:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.03.11 21:16:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.03.07 10:01:47 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.03.07 10:01:46 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.03.07 10:01:45 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.10.27 13:08:32 | 000,000,086 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.10.26 00:20:16 | 000,000,853 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.19 13:52:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.10.17 12:10:34 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2011.10.17 11:27:45 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.18 10:17:00 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{30167394-935D-4681-806D-508904A9CC50}
[2011.07.06 13:04:18 | 000,000,040 | ---- | C] () -- C:\Users\***\AppData\Local\tmp.no23
[2011.06.24 14:02:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.21 09:04:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.21 14:41:21 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.15 23:09:32 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.20 11:11:20 | 000,000,028 | ---- | C] () -- C:\Users\***\AppData\Roaming\iRotate.INI
[2010.10.05 10:24:54 | 000,010,752 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 13:36:55 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.10.01 11:19:35 | 000,000,926 | ---- | C] () -- C:\Windows\AirLite.INI
[2010.08.03 18:13:01 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.08.02 13:53:53 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.07.17 19:23:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.07.17 19:23:49 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7010.DAT
[2010.06.29 15:17:28 | 000,001,536 | ---- | C] () -- C:\Windows\System32\bcevent.dll
[2010.06.06 20:00:57 | 000,001,476 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2010.05.23 12:20:01 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.05.23 12:20:01 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.05.21 17:10:06 | 000,034,153 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.05.19 21:33:25 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.05.19 16:41:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.19 01:58:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.18 23:30:14 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010.05.18 23:29:05 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010.04.09 22:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE

< End of report >
--- --- ---


Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 28.03.2012 09:29:30 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,47% Memory free
5,99 Gb Paging File | 4,43 Gb Available in Paging File | 73,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,41 Gb Total Space | 1,12 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive E: | 5,38 Gb Total Space | 5,04 Gb Free Space | 93,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files\SRWare Iron\iron.exe (SRWare)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5618 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1EEE7BCD-FC6D-47AF-9D1A-7A37826A5811}" = Nat Geo Quiz! Wild Life
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{304D416E-CCA6-A949-A728-19702A085FC1}" = simfy
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45F4941E-5E77-11DF-A71D-005056C00008}" = Paragon Partition Manager™ 11 Free Edition
"{469D0E8F-2B20-47FD-8FB3-8769F348A67F}" = mufin player 2.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5E27A19D-0A3C-4708-98EA-A120F6318930}" = SubViewer
"{5E2B1ED0-7B71-4015-929E-E3651CF3F5EF}" = Original CD Emulator Personal Edition
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{611E3800-CE31-4953-8AD4-5657B6EE7ACF}" = Oracle VM VirtualBox 4.1.8
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81AAF01A-C7F0-412D-979C-06ABD052B43A}" = capella 7
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.8
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7010
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 14.0.850.0
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C640CAE0-8024-11D4-0090-B700902724B3}" = FIFA 2001
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED370B93-44B9-478F-89F3-5CF10F50C235}" = Kuffs Password Safe
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmoK Playlist Copy" = AmoK Playlist Copy 2.06
"ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition
"Anti-Twin 2011-09-06 13.28.39" = Anti-Twin (Installation 06.09.2011)
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"bghst.nfo" = BGHSt CD-ROM - Grundwerk Band 1-46
"bghz.nfo" = BGHZ CD-ROM - Grundwerk Band 1-146
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"DesktopIconAmazon" = Desktop Icon für Amazon
"D-Fend Reloaded" = D-Fend Reloaded 1.0.3 (deinstallieren)
"Digital Video Repair_is1" = Digital Video Repair 2.2.0.1
"DivX Setup" = DivX-Setup
"ee4p_is1" = Efficient Elements for presentations 1.3.0.78
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.1214
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"FormatFactory" = FormatFactory 2.70
"Free Download Manager_is1" = Free Download Manager 3.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Studio_is1" = Free Studio version 4.6
"GoldWave v5.58" = GoldWave v5.58
"GOM Player" = GOM Player
"HotspotShield" = Hotspot Shield 2.24
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"iRotate" = iRotate
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"LogMeIn Hamachi" = LogMeIn Hamachi
"LucasArts' Star Wars: Episode I Racer" = LucasArts Star Wars: Episode I Racer
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MAGIX_MSI_mufin_player_2_5" = mufin player 2.5
"MediaCoder PMP Edition" = MediaCoder PMP Edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"MusicBrainz Tagger 0.10.5" = MusicBrainz Tagger 0.10.5
"Nat Geo Quiz! Wild Life" = Nat Geo Quiz! Wild Life
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NetBalancer_is1" = NetBalancer
"NoteBurner_is1" = NoteBurner 2.31
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.50.1074" = Opera 11.50
"Origin" = Origin
"PDF Combine_is1" = PDF Combine
"Privoxy" = Privoxy (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Schlag den Raab_is1" = Schlag den Raab
"SearchAnonymizer" = SearchAnonymizer
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Shutdown Buddy" = Shutdown Buddy 1.0.0
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"Streamripper" = Streamripper (Remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TightVNC" = TightVNC 2.0.2
"TmUnitedForever_is1" = TmUnitedForever
"TVUPlayer" = TVUPlayer 2.5.3.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"wLite" = webcamXP 5
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YDKJG" = YOU DON'T KNOW JACK®
"Zattoo4" = Zattoo4 4.0.5
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2012 14:00:24 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.03.2012 15:11:58 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.03.2012 16:10:16 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.03.2012 17:12:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.03.2012 18:01:07 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.03.2012 02:39:51 | Computer Name = ***-PC | Source = NetBalancer Windows Service | ID = 0
Description = SeriousBit.NetBalancer.Core.Adapters.DriverLoadException: Driver failed
 to load or was not installed. Try to reinstall application.    bei SeriousBit.NetBalancer.Core.Adapters.NetworkAdapter.a()

  bei SeriousBit.NetBalancer.Core.Adapters.NetworkAdapter.b()    bei fq.f()    bei
 f3.a(String[] A_0)
 
Error - 28.03.2012 02:39:52 | Computer Name = ***-PC | Source = NetBalancer Windows Service | ID = 0
Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
 
Error - 28.03.2012 02:42:09 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 28.03.2012 02:47:35 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.03.2012 03:11:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 28.03.2012 03:27:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.03.2012 03:27:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 28.03.2012 03:27:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%-2140993535
 
Error - 28.03.2012 03:27:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.03.2012 03:27:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 28.03.2012 03:27:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%-2140993535
 
Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%-2140993535
 
Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
 
< End of report >
--- --- ---

Chris4You 28.03.2012 09:05
Hi,

unbedingt nach dem OTL-Fix ComboFix ausführen:

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
PRC - C:\Windows\Temp\qyecsj\setup.exe ()

:FILES
C:\Windows\$NtUninstallKB21903$
C:\Windows\$NtUninstallKB21903$\2985288800

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = dword:0x01
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:0x01
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = dword:0x01

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

c0re1 28.03.2012 09:34
Hier die OTL-Fix-Log: (führe dann jetzt ComboFix aus)


All processes killed
========== OTL ==========
No active process named setup.exe was found!
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB21903$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Lokale Einstellungen folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Contacts folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Verlauf folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\Cra shReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$ scheduled to be moved on reboot.
File\Folder C:\Windows\$NtUninstallKB21903$\2985288800 not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" |dword:0x01 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" |dword:0x01 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 2016 bytes
->Temporary Internet Files folder emptied: 28171224 bytes
->Java cache emptied: 13092105 bytes
->FireFox cache emptied: 110800835 bytes
->Google Chrome cache emptied: 5837168 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 114876 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Test
->Temp folder emptied: 2075404 bytes
->Temporary Internet Files folder emptied: 48937717 bytes
->FireFox cache emptied: 30707308 bytes
->Flash cache emptied: 960 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 445730692 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 654,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03282012_101723

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB21903$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\Cra shReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten not found!
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$ scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT01edb.TMP not found!

Registry entries deleted on Reboot...

Chris4You 28.03.2012 10:10
Hi,

ok...

chris

c0re1 28.03.2012 11:54
Also habe ComboFix vollständig durchlaufen lassen allerdings ist der PC nach einem Neustart und während ComboFix die Log-Datei erstellt hat einfach abgestürzt. Trotzdem hier die ComboFix.txt aus C:\ComboFix:


ComboFix 12-03-27.03 - *** 28.03.2012 11:31:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2321 [GMT 2:00]
ausgeführt von:: C:\Users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files\Perfect Optimizer
C:\Program Files\Perfect Optimizer\License.ini
C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini
C:\Users\***\AppData\Local\lame_enc.dll
C:\Users\***\AppData\Local\no23xwrapper.dll
C:\Users\***\AppData\Local\ogg.dll
C:\Users\***\AppData\Local\vorbis.dll
C:\Users\***\AppData\Local\vorbisenc.dll
C:\Users\***\AppData\Local\vorbisfile.dll
C:\Users\***\ntuser.dat.tmp
C:\Windows\$NtUninstallKB21903$\2985288800\@
C:\Windows\$NtUninstallKB21903$\2985288800\cfg.ini
C:\Windows\$NtUninstallKB21903$\2985288800\Desktop.ini
C:\Windows\$NtUninstallKB21903$\2985288800\L\xadqgnnk
C:\Windows\$NtUninstallKB21903$\2985288800\U\00000001.@
C:\Windows\$NtUninstallKB21903$\2985288800\U\00000002.@
C:\Windows\$NtUninstallKB21903$\2985288800\U\00000004.@
C:\Windows\$NtUninstallKB21903$\2985288800\U\80000000.@
C:\Windows\$NtUninstallKB21903$\2985288800\U\80000004.@
C:\Windows\$NtUninstallKB21903$\2985288800\U\80000032.@
C:\Windows\$NtUninstallKB21903$\2985288800\version
C:\Windows\$NtUninstallKB21903$\3218322970
C:\Windows\Fonts\ERASLGHT.TTF
C:\Windows\Fonts\LFAXD.TTF
C:\Windows\IsUn0407.exe
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.tmp
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.tmp
C:\Windows\system32\dds_trash_log.cmd
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\muzapp.exe
C:\Windows\system32\Packet.dll
C:\Windows\system32\WanPacket.dll
C:\Windows\unin0407.exe

Infizierte Kopie von C:\Windows\system32\drivers\afd.sys wurde gefunden und desinfiziert
Kopie von - The cat found it :) wurde wiederhergestellt

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_AMService
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 ))))))))))))))))))))))))))))))


2012-03-28 09:58:00 . 2012-03-28 09:58:00 -------- d-----w- C:\Users\Test\AppData\Local\temp
2012-03-28 06:54:28 . 2012-03-28 06:54:29 -------- d-----w- C:\Program Files\7-Zip
2012-03-19 17:03:08 . 2012-03-19 17:03:08 -------- d-----w- C:\Program Files\Origin Games
2012-03-19 17:02:47 . 2012-03-19 17:02:47 -------- d-----w- C:\Users\***\AppData\Local\Origin
2012-03-19 17:02:46 . 2012-03-19 17:05:32 -------- d-----w- C:\ProgramData\Origin
2012-03-19 17:00:21 . 2012-03-19 17:03:08 -------- d-----w- C:\Users\***\AppData\Roaming\Origin
2012-03-19 17:00:20 . 2012-03-19 17:00:20 -------- d-----w- C:\ProgramData\Electronic Arts
2012-03-19 17:00:08 . 2012-03-19 17:02:42 -------- d-----w- C:\Program Files\Origin
2012-03-14 20:55:44 . 2011-11-19 14:50:02 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-03-14 20:55:43 . 2011-11-19 14:50:02 3913584 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-03-14 17:00:13 . 2012-02-03 03:54:27 2343424 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 17:00:12 . 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 13:54:41 . 2012-01-25 05:32:35 58880 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-03-14 13:54:41 . 2012-01-25 05:32:34 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 13:54:41 . 2012-01-25 05:27:51 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 13:54:38 . 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\system32\rdpcore.dll
2012-03-14 13:54:38 . 2012-02-17 04:13:22 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 13:54:37 . 2012-02-17 04:14:08 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-11 19:38:24 . 2012-03-11 19:38:24 -------- d-----w- C:\Users\***\AppData\Roaming\Zeon
2012-03-11 19:33:57 . 2012-03-11 19:33:57 -------- d-----w- C:\Users\***\AppData\Roaming\FLEXnet
2012-03-11 19:33:47 . 2012-03-11 19:34:41 -------- d-----w- C:\Users\***\AppData\Roaming\ControlCenter4
2012-03-11 19:25:33 . 2012-03-11 19:25:33 -------- d-----w- C:\Brother
2012-03-11 19:25:28 . 2012-03-11 19:25:30 -------- d-----w- C:\Program Files\Browny02
2012-03-11 19:25:28 . 2012-03-11 19:25:28 -------- d-----w- C:\ProgramData\ControlCenter4
2012-03-11 19:25:21 . 2012-03-11 19:25:28 -------- d-----w- C:\Program Files\ControlCenter4
2012-03-11 19:16:55 . 2010-06-10 06:09:28 1475072 ----a-w- C:\Windows\system32\BrWi209d.dll
2012-03-11 19:16:55 . 2010-04-01 10:28:35 217088 ----a-w- C:\Windows\system32\BrJDec.dll
2012-03-11 19:16:52 . 2010-06-07 11:18:02 55808 ----a-w- C:\Windows\system32\BrUsi09d.dll
2012-03-11 19:16:51 . 2005-01-17 07:10:16 45056 ----a-w- C:\Windows\system32\BRTCPCON.DLL
2012-03-11 19:16:48 . 2010-05-10 08:45:58 103736 ----a-w- C:\Windows\system32\BRRBTOOL.EXE
2012-03-11 19:16:46 . 2010-04-02 05:33:34 25299 ----a-w- C:\Windows\system32\BRLM03A.DLL
2012-03-11 19:16:46 . 2004-08-09 06:42:08 77824 ----a-w- C:\Windows\system32\BRLMW03A.DLL
2012-03-11 19:14:02 . 2012-03-11 19:14:02 -------- d-----w- C:\ProgramData\zeon
2012-03-11 19:13:00 . 2012-03-11 19:38:14 -------- d-----w- C:\Users\***\AppData\Roaming\Nuance
2012-03-11 19:12:52 . 2012-03-11 19:12:59 -------- d-----w- C:\ProgramData\ScanSoft
2012-03-11 19:12:04 . 2012-03-11 19:12:15 -------- d-----w- C:\Program Files\Common Files\ScanSoft Shared
2012-03-11 19:12:00 . 2012-03-11 19:35:32 -------- d-----w- C:\ProgramData\Nuance
2012-03-11 19:12:00 . 2012-03-11 19:14:59 -------- d-----w- C:\Program Files\Nuance
2012-03-07 17:21:36 . 2012-03-07 17:21:36 -------- d-----w- C:\Users\***\AppData\Local\DDMSettings
2012-03-07 08:16:18 . 2012-03-07 08:16:18 -------- d-----w- C:\ProgramData\createonepart
2012-03-07 08:16:12 . 2012-03-07 08:16:12 -------- d-----w- C:\ProgramData\explauncher
2012-03-07 08:16:11 . 2012-03-07 08:16:11 -------- d-----w- C:\ProgramData\launcher
2012-03-07 08:15:44 . 2010-05-18 10:25:52 40560 ----a-w- C:\Windows\system32\drivers\hotcore3.sys
2012-03-07 08:15:32 . 2012-03-07 08:15:32 -------- d-----w- C:\Program Files\Paragon Software
2012-03-07 08:01:47 . 2012-01-18 14:55:58 922184 ----a-w- C:\Windows\system32\pwNative.exe
2012-03-07 08:01:46 . 2012-01-18 14:55:56 16472 ------w- C:\Windows\system32\pwdrvio.sys
2012-03-07 08:01:45 . 2012-01-18 14:55:54 11104 ------w- C:\Windows\system32\pwdspio.sys
2012-03-07 08:01:40 . 2012-03-07 08:01:43 -------- d-----w- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
2012-03-04 23:02:27 . 2012-03-04 23:02:27 -------- d-----w- C:\Program Files\Common Files\Skype
2012-03-01 12:06:36 . 2012-03-01 12:06:43 -------- d-----w- C:\Program Files\Hamachi
.


(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-28 10:08:51 . 2010-05-18 21:29:05 17408 ----a-w- C:\Windows\system32\rpcnetp.exe
2012-03-28 10:03:28 . 2010-05-18 21:49:41 58288 ----a-w- C:\Windows\system32\rpcnet.dll
2012-03-24 10:26:01 . 2011-05-15 10:28:53 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 13:51:08 . 2010-06-20 14:01:59 164880 ---ha-w- C:\Users\***\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-02-16 21:37:18 . 2012-02-16 21:37:18 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-02-16 21:29:17 . 2010-05-19 18:48:00 473656 ----a-w- C:\Windows\system32\drivers\sptd.sys
2012-02-15 18:54:55 . 2011-10-17 08:33:44 137416 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2012-01-22 13:31:01 . 2012-01-22 13:31:01 27248 ----a-w- C:\Windows\system32\drivers\cnnctfy2.sys
2012-01-04 08:58:41 . 2012-02-14 21:21:09 442880 ----a-w- C:\Windows\system32\ntshrui.dll
2012-01-04 00:48:42 . 2012-01-04 00:48:42 354176 ----a-w- C:\Windows\system32\DivXControlPanelApplet.cpl
2011-12-30 05:27:56 . 2012-02-14 21:21:17 478720 ----a-w- C:\Windows\system32\timedate.cpl
2011-11-21 04:21:43 . 2011-12-09 17:29:26 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 15:06:06 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 12:59:37 258512]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 17:17:52 207424]
"Ocs_SM"="C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-10-05 13:57:49 106496]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 14:44:24 738944]
"ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 19:01:38 73360]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 08:32:24 1557800]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 15:24:58 9210400]
"NBAgent"="C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 11:37:52 1492264]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-01-30 07:12:00 13605408]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-01-30 07:12:00 92704]
"LogMeIn Hamachi Ui"="C:\Program Files\Hamachi\hamachi-2-ui.exe" [2012-02-28 16:38:56 1987976]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"IndexSearch"="C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 23:37:26 46368]
"PaperPort PTD"="C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 23:42:02 29984]
"PPort12reminder"="C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 12:42:26 328992]
"PDFHook"="C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 19:11:30 636192]
"PDF5 Registry Controller"="C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 18:11:04 62752]
"ControlCenter4"="C:\Program Files\ControlCenter4\BrCcBoot.exe" [2011-04-20 16:53:38 139264]
"BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe" [2010-06-10 12:42:44 2621440]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 12:40:00 83336]

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-3-16 26565208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Magic-i Visual Effects.lnk
backup=C:\Windows\pss\Magic-i Visual Effects.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\Windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iRotate.lnk]
path=C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iRotate.lnk
backup=C:\Windows\pss\iRotate.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-10-11 15:17:41 5389944 ----a-w- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2002-08-22 10:51:52 45056 ----a-w- C:\Windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 14:46:10 1159168 ------w- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 08:26:54 114688 ------w- C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06:56 3481408 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08:12 1259376 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2010-04-28 21:28:18 3727411 ----a-w- C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-09 18:42:19 136176 ----atw- C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-29 11:20:40 119608 ----a-w- C:\Program Files\ICQ7.4\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16:18 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-03-17 21:07:14 896912 ----a-w- C:\Program Files\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-04-09 09:22:03 13824 ----a-w- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-03-17 21:07:16 3373456 ----a-w- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38:56 1987976 ----a-w- C:\Program Files\Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
2010-08-05 10:01:30 5674312 ----a-w- C:\Program Files\NoteBurner\VTBurnerGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12:00 13605408 ----a-w- C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12:00 92704 ----a-w- C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-10-05 13:57:49 106496 ----a-w- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2006-02-14 16:32:14 507904 ----a-w- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59:52 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-27 23:21:25 274608 ----a-w- C:\Program Files\Real\RealPlayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2010-07-08 13:28:56 815704 ----a-w- C:\Program Files\TightVNC\tvnserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 07:33:26 892928 ----a-w- C:\Program Files\Logitech\iTouch\iTouch.exe


Vielen Dank für deine Mühe soweit. Wie soll ich weiter vorgehen? Jetzt MAM oder nochmal ComboFix weil das Log ggf. nicht vollständig ist?

Chris4You 28.03.2012 12:27
Hi,

bitte MAM updaten, Offline gehen und einen FULLSCAN, dann online, log posten...

OTL hat es nicht geschafft, aber ComboFix sollte das Rootkit komplett "flachgelegt" haben... (oh, 5€ für die Chauvi-Kasse ;o)

chris

c0re1 29.03.2012 12:44
Schön wärs gewesen...
Aber hier erstmal die MAM-Log:


Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.28.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

28.03.2012 18:36:02
mbam-log-2012-03-29 (07-14-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 825853
Laufzeit: 4 Stunde(n), 51 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\sparrow.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\System32\sparrow.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.
C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys (Spyware.Password) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\wine-1.3.37\dlls\dmcompos.dll (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\wine-1.3.37\programs\progman.exe (Backdoor.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)


Habe die gefundenen Dateien dann noch löschen lassen.

Problem ist allerdings nicht verschwunden. Mein Antivir meldet immernoch regelmäßig infizierte Dateien im System32 Ordner.

Gibts noch Hoffnung oder wars das dann mit meinem System?

Chris4You 29.03.2012 15:28
Hi,

MAM alle Funde löschen lassen.

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

Wenn TDSS erkannt wird dann nochmal laufen lassen, auf CURE bei den TDSS-Einträgen gehen (keine Auswahl von Treibern die als generic / unsigned gekennzeichnet sind, das zerschießt u. U. Dein Windows)

Poste ein neues TDDs-Log und lass auch CF nochmal laufen (ComboFix)! Logs posten.

Cureit (Achtung: Läuft sehr lagen (5-7h))
Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131