Home » Viren, Trojaner & Malware Forum » vermeitliche Schadsoftware ändert Passwörter und hat Zugriff auf Forum » Themenansicht

vermeitliche Schadsoftware ändert Passwörter und hat Zugriff auf Forum
#0
13.05.2010, 16:26
stephan902
...neu hier

Beiträge: 9
#1 Hallo,

ich bin auf Pafnet.de einer Community angemeldet und heute ist es passiert, dass ich nachdem ich eine Datei ausgeführt habe, keinen Zugriff mehr darauf hatte und erst nach Ändern des Passworts wieder auf die Seite zugreifen konnte!
Im Tankmanager hab ich schon öfter F***.exe gefunden und beendet, die allerdings mit Systemneustart wieder startet! Norton Internet Security 2010 findet nichts!

Die Scans folgen gleich, aber ich bitte schonmal um Hilfe, das ist echt kritisch!

Zitat

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4096

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.05.2010 16:28:15
mbam-log-2010-05-13 (16-28-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120530
Laufzeit: 2 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:16, on 13.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Stephan\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8205 bytes

Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT-E1/E2/E3 Utility
Connect
GamersFirst LIVE!
kuler
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (German) 2010 (Beta)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (German) 2010 (Beta)
Microsoft Office Groove MUI (German) 2007
Microsoft Office Groove MUI (German) 2010 (Beta)
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2010 (Beta)
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (German) 2010 (Beta)
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (German) 2010 (Beta)
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2010 (Beta)
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010 (Beta)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (German) 2007
Microsoft Office Proof (German) 2010 (Beta)
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Italian) 2010 (Beta)
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (German) 2010 (Beta)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (German) 2010 (Beta)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (German) 2010 (Beta)
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (German) 2010 (Beta)
Microsoft Silverlight
MODupRemover - Outlook E-Mail Duplikate entfernen
MSVCRT
Norton Internet Security
Opera 10.53
Panda ActiveScan 2.0
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
War Rock
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool


Zu Gmer:
GMER hasn´t found any system modification
Dieser Beitrag wurde am 13.05.2010 um 16:37 Uhr von stephan902 editiert.
Seitenanfang Seitenende
13.05.2010, 17:20
stephan902
...neu hier

Themenstarter

Beiträge: 9
#2 Ich konnte jetzt sogar DIE VIRUSDATEI mit dem Namen Systemfucker.exe lokalisieren! Bevor ich sie jetzt lösche wüsste ich gerne ob ihr die schon kennt und ob die noch mehr verbreitet ist!
Seitenanfang Seitenende
13.05.2010, 21:09
darknight
Member

Beiträge: 327
#3 sei vorsichtig mit dieser Datei, lösche sie am besten.

Systemfucker.exe gibt es einige, hier mal ein Beispiel was sie bewirken kann, nämlich einen zerstörten PC.

http://www.youtube.com/watch?v=7Fjo_9KIT2M
__________
darknight, die wo anders Heike ist. ;)
Seitenanfang Seitenende
13.05.2010, 21:16
stephan902
...neu hier

Themenstarter

Beiträge: 9
#4 Zerstörter PC heißt kaputtes Windows oder kaputter PC, also zerstörte Hardware?

Ich hab die Datei gelöscht, reicht das? Mehrere Antimalware Programme finden nichts!
Seitenanfang Seitenende
13.05.2010, 21:28
darknight
Member

Beiträge: 327
#5 bedeutet: ein kaputtes Windows.

Ich kenne mich mit Windows 7 gar nicht aus, sicherlich wird Dir ein anderes Mitglied weiterhelfen. ;)
__________
darknight, die wo anders Heike ist. ;)
Seitenanfang Seitenende
14.05.2010, 00:53
Swisstreasure
Moderator

Beiträge: 5694
#6 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Darf ich einmal zum Anfang wissen woher du Photoshop hast? Legal oder illegal? Ich verlange eine ehrliche Antwort.

Schritt 2

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

>Doppelklick auf die OTL.exe
-->Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
>Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
>Unter Extra Registry, wähle bitte Use SafeList
>Klicke nun auf Run Scan links oben
>Wenn der Scan beendet wurde werden 2 Logfiles erstellt
>Poste die Logfiles in Code-Tags hier in den Thread.
Seitenanfang Seitenende
14.05.2010, 13:57
stephan902
...neu hier

Themenstarter

Beiträge: 9
#7 Schritt 1:
Photoshop: Legal bei Amazon.de als Schülerversion für ca. 180€ erworben und für meine schulischen Arbeiten notwendig.

Schritt 2:


Zitat

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 159,83 Gb Free Space | 81,88% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 612,34 Gb Free Space | 83,18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANS-PC
Current User Name: Stephan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Stephan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Stephan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys (Symantec Corporation)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys (Symantec Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100513.041\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100513.041\ENG64.SYS (Symantec Corporation)
DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (CSC) -- C:\Windows\CSC [2010.05.06 17:02:30 | 000,000,000 | ---D | M]
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 1C CE 75 2F ED CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.05.06 17:36:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.05.06 17:24:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [F***] C:\Users\Stephan\AppData\Local\Temp\F***.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.05.14 13:49:15 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2010.05.13 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Tific
[2010.05.13 17:01:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Stephan\Desktop\HiJackThis.exe
[2010.05.13 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Malwarebytes
[2010.05.13 16:24:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.13 16:24:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.13 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.13 16:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.13 15:59:03 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010.05.13 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010.05.11 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\crosshair1.6
[2010.05.11 16:45:07 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\GamersFirst LIVE!
[2010.05.11 16:44:02 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\PMB Files
[2010.05.11 16:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.05.11 16:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010.05.11 16:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2010.05.09 22:46:20 | 000,000,000 | R--D | C] -- C:\Users\Stephan\My Dropbox
[2010.05.09 22:45:24 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Dropbox
[2010.05.09 15:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010.05.09 15:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010.05.09 15:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.05.09 15:33:37 | 665,898,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Stephan\Desktop\ProfessionalPlus.exe
[2010.05.09 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\Fotos für Christa
[2010.05.09 13:03:40 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\CANON_INC
[2010.05.09 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2010.05.09 13:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[2010.05.07 18:39:47 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Meine empfangenen Dateien
[2010.05.07 17:04:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2010.05.07 17:04:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.05.07 17:04:01 | 001,321,984 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC550C.dll
[2010.05.07 17:04:01 | 000,328,192 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC550L.dll
[2010.05.07 17:04:01 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC550L.dll
[2010.05.07 17:04:01 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC550I.dll
[2010.05.07 17:04:01 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2010.05.07 17:04:00 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9Z.DLL
[2010.05.07 17:04:00 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC550U.dll
[2010.05.07 17:04:00 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2010.05.07 16:56:30 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Tracing
[2010.05.07 16:56:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.05.07 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010.05.07 16:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.05.07 16:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.05.07 16:18:06 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\EurekaLog
[2010.05.07 16:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MODupRemover
[2010.05.07 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010.05.07 14:13:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.05.07 14:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.05.07 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.05.07 13:55:44 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.05.07 13:55:44 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.05.07 13:55:43 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.05.07 13:55:42 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.05.07 13:55:42 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.05.07 13:55:42 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.05.07 13:55:41 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.05.07 13:55:41 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.05.07 13:55:36 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.05.07 13:55:36 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.05.07 13:55:36 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.05.07 13:55:36 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.05.07 13:55:36 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.05.07 13:55:36 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.05.07 13:55:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.05.07 13:55:36 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.05.07 13:55:36 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.05.07 13:55:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.05.07 13:55:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.05.07 13:55:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.05.07 13:55:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.05.07 13:55:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.05.07 13:55:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.05.07 13:55:35 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.05.07 13:55:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.05.07 13:55:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.05.07 13:55:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.05.07 13:55:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.05.07 13:55:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.05.07 13:55:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.05.07 13:55:31 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.07 13:55:31 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.05.07 13:55:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.05.07 13:55:29 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.07 13:55:29 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.07 13:55:29 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.05.07 13:55:29 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.05.07 13:55:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.05.07 13:55:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.05.07 13:55:26 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.05.07 13:55:26 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.05.07 13:55:26 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.05.07 13:55:26 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.05.07 13:55:26 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.05.07 13:55:26 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.05.07 13:55:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.05.07 13:55:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.05.07 13:55:22 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.07 13:55:17 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.05.07 13:55:17 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.05.07 13:55:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.05.07 13:55:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.05.07 13:55:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.05.07 13:55:17 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.05.07 13:55:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.05.07 13:55:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.05.07 13:55:17 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.05.07 13:55:14 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.05.07 13:55:14 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.05.07 13:55:13 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.05.07 13:55:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.05.07 13:55:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.05.07 13:55:09 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.05.07 13:55:09 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.05.07 13:55:07 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.05.07 13:55:07 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.05.07 13:55:06 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.05.07 13:55:06 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.05.07 13:55:06 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.05.07 13:55:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.05.07 13:55:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.05.07 13:55:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.05.06 18:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.05.06 18:18:42 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.05.06 18:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.05.06 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.05.06 18:02:39 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.05.06 18:01:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.05.06 17:55:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.05.06 17:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.05.06 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Macromedia
[2010.05.06 17:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.05.06 17:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.05.06 17:51:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.05.06 17:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.05.06 17:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.05.06 17:49:52 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Adobe
[2010.05.06 17:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.06 17:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.05.06 17:48:44 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Adobe
[2010.05.06 17:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.05.06 17:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010.05.06 17:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010.05.06 17:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010.05.06 17:38:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.05.06 17:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.05.06 17:37:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.05.06 17:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010.05.06 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Microsoft Help
[2010.05.06 17:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010.05.06 17:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.06 17:32:22 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.06 17:24:17 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Symantec
[2010.05.06 17:23:57 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.05.06 17:23:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.05.06 17:23:57 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.05.06 17:23:44 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys
[2010.05.06 17:23:44 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys
[2010.05.06 17:23:44 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys
[2010.05.06 17:23:44 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys
[2010.05.06 17:23:44 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys
[2010.05.06 17:23:44 | 000,149,552 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys
[2010.05.06 17:23:44 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys
[2010.05.06 17:23:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1106000.020
[2010.05.06 17:23:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010.05.06 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010.05.06 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Opera
[2010.05.06 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Opera
[2010.05.06 17:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.05.06 17:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.05.06 17:21:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.06 17:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.06 17:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.05.06 17:11:13 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.05.06 17:11:12 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.05.06 17:11:12 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.05.06 17:11:12 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.05.06 17:10:17 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Searches
[2010.05.06 17:10:08 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Identities
[2010.05.06 17:10:07 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Contacts
[2010.05.06 17:10:06 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\VirtualStore
[2010.05.06 17:09:58 | 000,000,000 | --SD | C] -- C:\Users\Stephan\AppData\Roaming\Microsoft
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Videos
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Saved Games
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Pictures
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Music
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Links
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Favorites
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Downloads
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Documents
[2010.05.06 17:09:58 | 000,000,000 | R--D | C] -- C:\Users\Stephan\Desktop
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Vorlagen
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\AppData\Local\Verlauf
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\AppData\Local\Temporary Internet Files
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Startmenü
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\SendTo
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Recent
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Netzwerkumgebung
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Lokale Einstellungen
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Documents\Eigene Videos
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Documents\Eigene Musik
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Eigene Dateien
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Documents\Eigene Bilder
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Druckumgebung
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Cookies
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\AppData\Local\Anwendungsdaten
[2010.05.06 17:09:58 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\Anwendungsdaten
[2010.05.06 17:09:58 | 000,000,000 | -H-D | C] -- C:\Users\Stephan\AppData
[2010.05.06 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Temp
[2010.05.06 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Microsoft
[2010.05.06 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Media Center Programs
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.05.06 17:09:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.05.06 17:09:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.05.06 17:09:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.05.06 17:09:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.05.06 17:09:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.05.06 17:09:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.06 17:02:17 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.05.06 17:02:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.05.14 13:50:51 | 001,310,720 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT
[2010.05.14 13:49:16 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2010.05.14 13:40:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.13 21:57:13 | 001,284,771 | ---- | M] () -- C:\Users\Stephan\Desktop\dn3kxcll.jpg
[2010.05.13 19:44:06 | 001,395,884 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
[2010.05.13 18:54:44 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.13 18:54:44 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.13 18:51:59 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.13 18:51:59 | 000,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.13 18:51:59 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.13 18:51:59 | 000,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.13 18:51:59 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.13 18:47:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.13 18:47:30 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.13 17:40:07 | 002,788,250 | -H-- | M] () -- C:\Users\Stephan\AppData\Local\IconCache.db
[2010.05.13 17:01:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Stephan\Desktop\HiJackThis.exe
[2010.05.13 16:24:41 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.13 14:13:57 | 000,002,995 | ---- | M] () -- C:\Users\Stephan\Desktop\Microsoft Publisher 2010 (Beta).lnk
[2010.05.13 12:24:48 | 009,599,185 | ---- | M] () -- C:\Users\Stephan\Desktop\IMG_4428_1.jpg
[2010.05.11 17:25:32 | 000,237,568 | ---- | M] () -- C:\Users\Stephan\Desktop\CrossHair-v.2.7.exe
[2010.05.11 17:02:42 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.05.11 16:45:04 | 000,070,481 | ---- | M] () -- C:\Users\Stephan\Desktop\crosshair1.6.zip
[2010.05.11 16:43:51 | 000,001,164 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.05.11 16:43:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.05.10 15:45:18 | 000,374,784 | ---- | M] () -- C:\Users\Stephan\Desktop\Der arme Spielmann - Handout.pub
[2010.05.09 22:44:44 | 000,564,742 | ---- | M] () -- C:\Users\Stephan\Desktop\Der arme Spielmann.pptx
[2010.05.09 22:23:27 | 000,008,341 | ---- | M] () -- C:\Users\Stephan\Desktop\der arme spielman faz.htm
[2010.05.09 22:17:40 | 000,097,493 | ---- | M] () -- C:\Users\Stephan\Desktop\scan0001.jpg
[2010.05.09 15:58:15 | 003,017,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.09 15:57:44 | 000,108,840 | ---- | M] () -- C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.09 15:44:43 | 665,898,840 | ---- | M] (Microsoft Corporation) -- C:\Users\Stephan\Desktop\ProfessionalPlus.exe
[2010.05.09 13:20:49 | 000,001,091 | ---- | M] () -- C:\Users\Stephan\Desktop\Thumbnails - Verknüpfung.lnk
[2010.05.09 13:17:19 | 001,108,656 | ---- | M] () -- C:\Users\Stephan\Desktop\IMG_4392_1.jpg
[2010.05.09 13:06:51 | 000,001,252 | ---- | M] () -- C:\Users\Stephan\Desktop\EOS Bilder - Verknüpfung.lnk
[2010.05.09 13:04:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.09 13:03:13 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2010.05.09 13:02:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2010.05.08 15:41:45 | 000,497,530 | ---- | M] () -- C:\Users\Stephan\Desktop\IMG_1246_1_web.jpg
[2010.05.08 14:09:05 | 000,126,385 | ---- | M] () -- C:\Users\Stephan\Desktop\Grillparzer.jpg
[2010.05.08 13:38:29 | 000,289,434 | ---- | M] () -- C:\Users\Stephan\Desktop\grillpor.jpg
[2010.05.07 17:03:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.07 16:23:02 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.07 16:16:52 | 001,499,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.07 16:16:30 | 000,000,948 | ---- | M] () -- C:\Users\Stephan\Desktop\MODupRemover.lnk
[2010.05.07 16:02:10 | 001,616,930 | ---- | M] () -- C:\Users\Stephan\Desktop\img5251bearbeitet.jpg
[2010.05.07 14:05:32 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.05.06 18:38:33 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\drivers\adfs.sys
[2010.05.06 18:38:33 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysNative\drivers\adfs.sys
[2010.05.06 18:19:23 | 000,001,158 | ---- | M] () -- C:\Users\Stephan\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010.05.06 17:42:30 | 000,002,723 | ---- | M] () -- C:\Users\Stephan\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010.05.06 17:42:24 | 000,002,697 | ---- | M] () -- C:\Users\Stephan\Desktop\Microsoft Office Word 2007.lnk
[2010.05.06 17:23:57 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.05.06 17:23:57 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.05.06 17:23:57 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.05.06 17:23:45 | 000,002,565 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.05.06 17:21:34 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.06 17:16:09 | 000,524,288 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.06 17:16:09 | 000,524,288 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.06 17:16:09 | 000,065,536 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.06 17:09:58 | 000,000,020 | -HS- | M] () -- C:\Users\Stephan\ntuser.ini
[2010.05.06 17:06:02 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.05.06 17:06:02 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.05.13 21:52:17 | 001,284,771 | ---- | C] () -- C:\Users\Stephan\Desktop\dn3kxcll.jpg
[2010.05.13 16:24:41 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.13 14:13:57 | 000,002,995 | ---- | C] () -- C:\Users\Stephan\Desktop\Microsoft Publisher 2010 (Beta).lnk
[2010.05.13 12:24:44 | 009,599,185 | ---- | C] () -- C:\Users\Stephan\Desktop\IMG_4428_1.jpg
[2010.05.11 22:35:19 | 000,237,568 | ---- | C] () -- C:\Users\Stephan\Desktop\CrossHair-v.2.7.exe
[2010.05.11 17:02:41 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.05.11 16:45:04 | 000,070,481 | ---- | C] () -- C:\Users\Stephan\Desktop\crosshair1.6.zip
[2010.05.11 16:43:51 | 000,001,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.05.11 16:43:50 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.05.09 22:23:27 | 000,008,341 | ---- | C] () -- C:\Users\Stephan\Desktop\der arme spielman faz.htm
[2010.05.09 22:16:59 | 000,097,493 | ---- | C] () -- C:\Users\Stephan\Desktop\scan0001.jpg
[2010.05.09 15:35:13 | 000,374,784 | ---- | C] () -- C:\Users\Stephan\Desktop\Der arme Spielmann - Handout.pub
[2010.05.09 13:20:49 | 000,001,091 | ---- | C] () -- C:\Users\Stephan\Desktop\Thumbnails - Verknüpfung.lnk
[2010.05.09 13:17:08 | 001,108,656 | ---- | C] () -- C:\Users\Stephan\Desktop\IMG_4392_1.jpg
[2010.05.09 13:06:50 | 000,001,252 | ---- | C] () -- C:\Users\Stephan\Desktop\EOS Bilder - Verknüpfung.lnk
[2010.05.09 13:04:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.09 13:03:13 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2010.05.09 13:02:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2010.05.08 16:28:06 | 000,564,742 | ---- | C] () -- C:\Users\Stephan\Desktop\Der arme Spielmann.pptx
[2010.05.08 15:41:36 | 000,497,530 | ---- | C] () -- C:\Users\Stephan\Desktop\IMG_1246_1_web.jpg
[2010.05.08 15:38:32 | 006,975,742 | ---- | C] () -- C:\Users\Stephan\Desktop\IMG_1246_1.jpg
[2010.05.08 14:09:05 | 000,126,385 | ---- | C] () -- C:\Users\Stephan\Desktop\Grillparzer.jpg
[2010.05.08 13:38:29 | 000,289,434 | ---- | C] () -- C:\Users\Stephan\Desktop\grillpor.jpg
[2010.05.07 17:04:00 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC173DD.TBL
[2010.05.07 17:04:00 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC173DD.TBL
[2010.05.07 17:03:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.07 16:16:52 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.07 16:16:49 | 000,368,465 | ---- | C] () -- C:\Users\Stephan\AppData\Local\MODup-Log.txt
[2010.05.07 16:16:30 | 000,000,948 | ---- | C] () -- C:\Users\Stephan\Desktop\MODupRemover.lnk
[2010.05.07 16:02:10 | 001,616,930 | ---- | C] () -- C:\Users\Stephan\Desktop\img5251bearbeitet.jpg
[2010.05.06 18:19:23 | 000,001,158 | ---- | C] () -- C:\Users\Stephan\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010.05.06 17:49:27 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.06 17:42:30 | 000,002,723 | ---- | C] () -- C:\Users\Stephan\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010.05.06 17:42:24 | 000,002,697 | ---- | C] () -- C:\Users\Stephan\Desktop\Microsoft Office Word 2007.lnk
[2010.05.06 17:24:00 | 001,395,884 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
[2010.05.06 17:23:57 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.05.06 17:23:57 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.05.06 17:23:45 | 000,002,565 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.05.06 17:23:44 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnetv64.cat
[2010.05.06 17:23:44 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.cat
[2010.05.06 17:23:44 | 000,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.cat
[2010.05.06 17:23:44 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.cat
[2010.05.06 17:23:44 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.cat
[2010.05.06 17:23:44 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\iron.cat
[2010.05.06 17:23:44 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnet64.cat
[2010.05.06 17:23:44 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.cat
[2010.05.06 17:23:44 | 000,003,374 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa.inf
[2010.05.06 17:23:44 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds.inf
[2010.05.06 17:23:44 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.inf
[2010.05.06 17:23:44 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnetv.inf
[2010.05.06 17:23:44 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnet.inf
[2010.05.06 17:23:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.inf
[2010.05.06 17:23:44 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.inf
[2010.05.06 17:23:44 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\iron.inf
[2010.05.06 17:23:44 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini
[2010.05.06 17:21:34 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.06 17:09:58 | 001,310,720 | -HS- | C] () -- C:\Users\Stephan\NTUSER.DAT
[2010.05.06 17:09:58 | 000,524,288 | -HS- | C] () -- C:\Users\Stephan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.06 17:09:58 | 000,524,288 | -HS- | C] () -- C:\Users\Stephan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.06 17:09:58 | 000,262,144 | -HS- | C] () -- C:\Users\Stephan\ntuser.dat.LOG1
[2010.05.06 17:09:58 | 000,065,536 | -HS- | C] () -- C:\Users\Stephan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.06 17:09:58 | 000,000,020 | -HS- | C] () -- C:\Users\Stephan\ntuser.ini
[2010.05.06 17:09:58 | 000,000,000 | -HS- | C] () -- C:\Users\Stephan\ntuser.dat.LOG2
[2010.05.06 17:02:00 | 3220,578,304 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

Zitat

OTL Extras logfile created on: 14.05.2010 13:50:25 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stephan\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 159,83 Gb Free Space | 81,88% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 612,34 Gb Free Space | 83,18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANS-PC
Current User Name: Stephan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
"{20140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 (Beta)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EOS Utility" = Canon Utilities EOS Utility
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MODupRemover-E-MailDuplikateentfernen" = MODupRemover - Outlook E-Mail Duplikate entfernen
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ULTIMATER" = Microsoft Office Ultimate 2007
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 07.05.2010 10:22:14 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6423.1000,
Zeitstempel: 0x49b08185 Name des fehlerhaften Moduls: OUTLOOK.EXE, Version: 12.0.6423.1000,
Zeitstempel: 0x49b08185 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00648d1a ID des fehlerhaften
Prozesses: 0x8bc Startzeit der fehlerhaften Anwendung: 0x01caedf0ae4a3a6e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Berichtskennung:
ee82fe59-59e3-11df-887b-000a3a63f7c8

Error - 07.05.2010 10:33:13 | Computer Name = Stephans-PC | Source = Application Hang | ID = 1002
Description = Programm modup.exe, Version 1.41.10.91 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit:
01caedf201f0b4f7 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\MODupRemover\modup.exe

Berichts-ID:
75dd26ed-59e5-11df-887b-000a3a63f7c8

Error - 09.05.2010 09:51:21 | Computer Name = Stephans-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Live Messenger" konnte nicht
heruntergefahren werden.

Error - 09.05.2010 09:51:21 | Computer Name = Stephans-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Adobe Bridge" konnte nicht heruntergefahren
werden.

Error - 12.05.2010 21:01:59 | Computer Name = Stephans-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 13.05.2010 10:53:38 | Computer Name = Stephans-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10ac Startzeit:
01caf2a6cbfe3124 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
49c3c464-5e9f-11df-8770-000a3a63f7c8

Error - 13.05.2010 10:54:17 | Computer Name = Stephans-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a8c Startzeit:
01caf2ac12bd2686 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
631bc609-5e9f-11df-8770-000a3a63f7c8

Error - 13.05.2010 10:54:41 | Computer Name = Stephans-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d10 Startzeit:
01caf2ac2b124019 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
7404d1bd-5e9f-11df-8770-000a3a63f7c8

Error - 13.05.2010 11:00:27 | Computer Name = Stephans-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 618 Startzeit:
01caf2ac3866e00c Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
3f65e833-5ea0-11df-8770-000a3a63f7c8

Error - 13.05.2010 11:01:00 | Computer Name = Stephans-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13f0 Startzeit:
01caf2ad09bbbf49 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
5620ee73-5ea0-11df-8770-000a3a63f7c8

[ OSession Events ]
Error - 07.05.2010 10:16:54 | Computer Name = Stephans-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.05.2010 10:17:12 | Computer Name = Stephans-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.05.2010 10:18:03 | Computer Name = Stephans-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.05.2010 10:22:14 | Computer Name = Stephans-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13.05.2010 10:01:15 | Computer Name = Stephans-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 13.05.2010 10:01:15 | Computer Name = Stephans-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RkPavproc1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 13.05.2010 11:07:41 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 13.05.2010 11:41:00 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 13.05.2010 12:47:34 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 13.05.2010 13:51:40 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 13.05.2010 14:18:37 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 13.05.2010 14:54:40 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 13.05.2010 15:09:10 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.

Error - 14.05.2010 07:40:03 | Computer Name = Stephans-PC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe
erwartet, das aber nicht empfangen wurde.


< End of report >
Seitenanfang Seitenende
14.05.2010, 14:12
Swisstreasure
Moderator

Beiträge: 5694
#8 Schritt 1

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [F***] C:\Users\Stephan\AppData\Local\Temp\F***.exe File not found
:Commands
[purity]
[emptytemp]
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread

Schritt 2

Eset Online Scanner (NOD32)
• Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
• Voraussetzung: Internet Explorer (IE) 5.0 oder höher
• Haken bei "YES, I accept the Terms of Use" machen
• Start
• ActiveX-Steuerelement installieren
• Start
• Signaturen werden heruntergeladen
• Haken machen bei "Remove found threads"
• Haken machen bei "Remove found threads" und "Scan unwanted applications"
• Scan
• Scanende
• Browser schließen
• Explorer öffnen
• C:\Programme\EsetOnlineScanner\log.txt
• Log hier posten
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner entfernen.
• mit HJT folgenden Eintrag fixen:
• O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}

Schritt 3

Malware mit Dr. Web CureIt! beseitigen

Downloade Dr. Web CureIt! und speichere es auf Deinem Desktop.
Dr. Web CureIt! ist für alle Computer mit MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP/2003/Vista Betriebssysteme geeignet.

• Schalte Dein Antiviren-Programm ab.
• Starte die launch.exe durch Doppelklick.
Dr. Web CureIt! legt nun automatisch einen eigenen Order in Deinem Userprofil an:
C:\Dokumente und Einstellungen\<DeinBenutzername>\DoctorWeb
• Klicke auf "Starten".
• Breche die Schnellüberprüfung ab.
(durch Klick auf den viereckigen grünen Button (rechts in der Mitte).
• Stelle bei dem Reiter "Scannen" auf "Komplett scannen" um.
• Starte nun den Komplett-Scan durch Klick auf den dreieckigen Button.
• Wenn Funde gemacht werden, bitte desinfizieren lassen,
sollte das nicht möglich sein, die Funde verschieben lassen.
• Wenn der Scan beendet ist und Funde zu verzeichnen waren:
im Menü auf Datei und Berichtliste speichern
und als DrWeb.cvs auf Deinem Desktop speichern.
• Poste den Inhalt von DrWeb.cvs hier in den Thread.
Seitenanfang Seitenende
14.05.2010, 14:25
stephan902
...neu hier

Themenstarter

Beiträge: 9
#9 Bevors jetzt weitergeht:
Soll ich eigentlich meine Passwörter alle ändern? Weil wenn er die von pafnet.de hatte, hat er womöglich auch alle anderen gespeicherten!

Gibt es eine Möglichkeit herauszufinden was er für Daten erhalten hat?

Zitat

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F*** not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephan
->Temp folder emptied: 1101 bytes
->Temporary Internet Files folder emptied: 437465 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05142010_142043

Files\Folders moved on Reboot...
C:\Users\Stephan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Zitat

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=22627b0381b7a14682ff3d8ad3e20a4f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-14 04:04:27
# local_time=2010-05-14 06:04:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 85 26253911 26253911 0 0
# compatibility_mode=8192 67108863 100 0 8265 8265 0 0
# scanned=209271
# found=0
# cleaned=0
# scan_time=4839
Der letzte Scan kommt auch gleich, aber hier scheinen vorraussichtlich auch keine Viren o.ä. gefunden zu werden?
Dieser Beitrag wurde am 14.05.2010 um 18:19 Uhr von stephan902 editiert.
Seitenanfang Seitenende
14.05.2010, 14:53
Swisstreasure
Moderator

Beiträge: 5694
#10 Nein das kann man nicht sagen. Die Passwörter solltest Du am Ende der Reinigung erst wechslen.
Seitenanfang Seitenende
14.05.2010, 16:41
stephan902
...neu hier

Themenstarter

Beiträge: 9
#11 Ist es denn sicher, dass jetzt noch Malware vorhanden ist?

Und was bewirkt eigentlich das Fixen mit OTL oder HJT? Was wird da bitteschön gefixt, auch hier am Beispiel?

Ist überhaupt schon sicher, dass noch Schadsoftware auf dem Rechner ist?

Wie geht´s jetzt dann weiter?
Dieser Beitrag wurde am 14.05.2010 um 18:14 Uhr von stephan902 editiert.
Seitenanfang Seitenende
15.05.2010, 02:08
Swisstreasure
Moderator

Beiträge: 5694
#12 Das fixen ist quasi das entfernen von Dateien und Reg Einträgen. Hat CureIT auch nichts gefunden?

Hast Du denn noch Probleme?
Seitenanfang Seitenende
15.05.2010, 11:55
stephan902
...neu hier

Themenstarter

Beiträge: 9
#13 Nein Cure IT findet auch nichts.

Nein soweit hatte ich keine Probleme.

Außer ein neues: WarRock startete nicht mehr und ich musste es neu installieren.

Und welche Dateien und Einträge sollen da entfernt werden?
Seitenanfang Seitenende
15.05.2010, 15:39
Swisstreasure
Moderator

Beiträge: 5694
#14 Bei Dir waren das noch Überbleibsel deiner Infektion.
Seitenanfang Seitenende
15.05.2010, 19:27
stephan902
...neu hier

Themenstarter

Beiträge: 9
#15 Ich bin jetzt zwischenzeitlich auf Linux umgestiegen für alle datenkritischen Anwendungen außer E-Mail und Office (nicht ausreichend funktionsfähig).

Was kann ich weiterhin unternehmen, dass gespeicherte Passwörter verschlüsselt gespeichert werden?

Wieso hat Norton Internet Security den Virus nicht erkannt?
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12