Trojaner eingefangen?

Kangal · 03.05.2010, 23:30

Hallo liebe Gemeinde

Undzwar habe ich eben einen dummen Fehler gemacht.

Eine Freund von mir hat was geladen und hatte sich beklagt,das was er geladen hat selbständig verschwindet nachdem er es gestartet hat.
Ich habe mir dieses Programm senden lassen,hab es ausgeführt und dann stande bei meinem Programm a squared(Testversion) das es versteckt was aus dem internet ladet.Dummer weisse habe ich ausversehen dieses Verhalten erlaubt

Dann sahe ich wie sich das Programm sich selber gelöscht hat.
Nun ist meine Frage,bin ich Infiziert?

Hab meine Logs im Internet Auswerten lassen,aber anscheihend ist alles ok!

Ich gehe mal auf nummer sicher und poste hier meine Hijack Logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:05, on 04.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\RouterControl\RouterControl.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8162 bytes

Mfg

Ps:Kaspersky hat kein ton von sich gegeben bzw. nix angezeigt.

cosinus · 04.05.2010, 11:22

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Kangal · 04.05.2010, 14:29

Danke erstmal für die Hilfe .
Ich habe alles getahn,was sie mir aufgetragen haben

Erstmal das von Malwarebytes:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4064

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2010 14:53:16
mbam-log-2010-05-04 (14-53-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 292502
Laufzeit: 1 Stunde(n), 36 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\$Recycle.Bin\S-1-5-21-2773479561-840278347-2827710981-1001\$R0ODVOL.exe (Trojan.Agent) -> No action taken.
C:\Users\xxx\Desktop\Bizzy.Bone.-.Back.With.The.Thugz.52007.exe (Trojan.Downloader) -> No action taken.
C:\Users\xxx\Desktop\ydsrg\1PremGen1.30a\PremGen1.30a\ocr\test.exe (Trojan.Downloader) -> No action taken.
C:\Users\xxx\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Jetzt kommt das vom Oldtimer(Extras):

Zitat:

OTL Extras logfile created on: 04.05.2010 14:57:51 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\xxx\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 23,79 Gb Free Space | 10,22% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 40,08 Gb Free Space | 17,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f24c815c-58ff-405e-8e2c-c2f4a855cf6c}" = Nero 9
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"abgx360" = abgx360 v1.0.2
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.5
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"JDownloader" = JDownloader
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSN BackUp" = MSN BackUp 1.3.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PremElem70" = Adobe Premiere Elements 7.0
"RouterControl" = RouterControl 2.0
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"65fabcb66a90f1ab" = Mail Devil
"WinSetupFromUSB" = WinSetupFromUSB

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.04.2010 18:51:51 | Computer Name = xxx | Source = Protexis Licensing Service | ID = 49
Description =

Error - 28.04.2010 18:51:52 | Computer Name = xxx | Source = Protexis Licensing Service | ID = 49
Description =

Error - 28.04.2010 18:51:52 | Computer Name = xxx| Source = Protexis Licensing Service | ID = 49
Description =

Error - 28.04.2010 18:54:07 | Computer Name = xxx| Source = Protexis Licensing Service | ID = 49
Description =

Error - 28.04.2010 18:54:07 | Computer Name = xxx | Source = Protexis Licensing Service | ID = 49
Description =

Error - 28.04.2010 18:54:08 | Computer Name = xxx | Source = Protexis Licensing Service | ID = 49
Description =

Error - 28.04.2010 18:54:08 | Computer Name = xxx | Source = Protexis Licensing Service | ID = 49
Description =

Error - 29.04.2010 14:22:04 | Computer Name = xxx | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.

Error - 29.04.2010 19:30:17 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bd3 ID des fehlerhaften
Prozesses: 0xf24 Startzeit der fehlerhaften Anwendung: 0x01cae7a965038cb3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2ad16a19-53e7-11df-974d-0014850dfa5c

Error - 30.04.2010 06:08:04 | Computer Name = xxx| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x13ebd472 ID des fehlerhaften
Prozesses: 0xc18 Startzeit der fehlerhaften Anwendung: 0x01cae84cfa590e20 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 43f28d27-5440-11df-8aeb-0014850dfa5c

[ System Events ]
Error - 27.04.2010 04:07:05 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 28.04.2010 06:57:58 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 28.04.2010 12:45:12 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 28.04.2010 12:46:25 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 28.04.2010 12:46:34 | Computer Name = xxx | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?04.?2010 um 15:47:58 unerwartet heruntergefahren.

Error - 29.04.2010 05:41:13 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.04.2010 10:36:07 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.04.2010 10:37:14 | Computer Name = xxx | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 30.04.2010 06:01:54 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 01.05.2010 09:13:32 | Computer Name = xxx | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

< End of report >

Und jetzt das Otl vom Oldtimer:

Zitat:

OTL logfile created on: 04.05.2010 14:57:51 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\xxx\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 23,79 Gb Free Space | 10,22% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 40,08 Gb Free Space | 17,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxxx
Current User Name:xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe (Lexmark International, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\a-squared Anti-Malware\a2handler.dll (Emsi Software GmbH)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (a2AntiMalware) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (lxdi_device) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (lxdiCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe ()

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 92 20 5E B9 66 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..network.proxy.backup.ftp: "217.17.241.245"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "217.17.241.245"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "217.17.241.245"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "217.17.241.245"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "221.12.147.80"
FF - prefs.js..network.proxy.ftp_port: 808
FF - prefs.js..network.proxy.gopher: "221.12.147.80"
FF - prefs.js..network.proxy.gopher_port: 808
FF - prefs.js..network.proxy.http: "221.12.147.80"
FF - prefs.js..network.proxy.http_port: 808
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 221.12.147.80"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "221.12.147.80"
FF - prefs.js..network.proxy.socks_port: 808
FF - prefs.js..network.proxy.ssl: "221.12.147.80"
FF - prefs.js..network.proxy.ssl_port: 808

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 12:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 12:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009.11.16 16:41:43 | 000,000,000 | ---D | M]

[2009.11.16 14:46:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.05.04 13:14:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions
[2010.03.10 19:31:36 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009.11.16 16:33:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.05.01 01:30:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.16 16:33:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.11.16 16:33:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\firefox@tvunetworks.com
[2009.11.16 16:33:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\toolbar@alexa.com
[2010.03.10 19:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.03.10 19:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.03.10 19:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.03.10 19:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\7ka5q5kg.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.01.09 16:18:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.16 16:42:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.03.15 17:51:18 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.15 17:51:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.15 17:51:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.15 17:51:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.15 17:51:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.31 17:34:25 | 000,000,921 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.248 195.50.140.114
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e8d4ab17-d36b-11de-9c20-0014850dfa5c}\Shell - "" = AutoRun
O33 - MountPoints2\{e8d4ab17-d36b-11de-9c20-0014850dfa5c}\Shell\AutoRun\command - "" = H:\Setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 13:00:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2010.05.04 13:00:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2010.05.04 12:59:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.04 12:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.04 12:59:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.04 12:59:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.04 00:14:29 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.01 01:14:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apps
[2010.05.01 01:14:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Deployment
[2010.04.30 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GrabIt
[2010.04.29 00:52:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Meine Paletten
[2010.04.29 00:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2010.04.29 00:51:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Corel
[2010.04.28 23:08:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Corel
[2010.04.28 23:07:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Visual Studio 2008
[2010.04.28 23:03:36 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2010.04.28 23:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2010.04.28 23:01:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Corel
[2010.04.28 23:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010.04.28 18:52:15 | 000,000,000 | --SD | C] -- C:\Users\xxx\Searches
[2010.04.28 18:52:15 | 000,000,000 | --SD | C] -- C:\Users\xxx\Saved Games
[2010.04.28 18:52:15 | 000,000,000 | --SD | C] -- C:\Users\xxx\Links
[2010.04.28 13:03:44 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.28 13:03:44 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.04.26 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\a-squared
[2010.04.26 22:03:30 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.04.26 22:03:30 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.04.26 22:03:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.04.26 22:03:28 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.04.26 22:03:28 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.04.26 22:02:49 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.04.26 22:02:49 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.04.26 22:02:49 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.04.26 22:02:49 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.04.26 22:02:49 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.04.26 22:02:48 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.04.26 22:02:48 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.04.26 22:02:48 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.04.26 22:02:48 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.04.26 22:02:48 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.04.26 22:02:48 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.04.26 22:02:48 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.04.26 22:02:41 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2010.04.25 14:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010.04.25 14:37:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe Systems Shared
[2010.04.14 17:10:52 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2010.04.14 17:05:35 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 17:05:35 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 17:05:27 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 16:59:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\usb
[2010.04.07 22:54:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab
[2009.11.25 02:12:32 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009.11.25 02:12:32 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009.11.25 02:12:32 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009.11.25 02:12:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009.11.25 02:12:32 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009.11.25 02:12:32 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009.11.25 02:12:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009.11.25 02:12:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009.11.25 02:12:31 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009.11.25 02:12:31 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009.11.25 02:12:31 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009.11.25 02:12:31 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll

========== Files - Modified Within 30 Days ==========

[2010.05.04 15:01:02 | 002,621,440 | ---- | M] () -- C:\Users\xxx\NTUSER.DAT
[2010.05.04 13:01:00 | 000,024,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.04 13:01:00 | 000,024,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.04 13:00:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2010.05.04 12:59:33 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.04 12:51:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.04 12:51:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.04 12:51:14 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.04 02:22:31 | 006,149,336 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2010.05.04 00:14:29 | 000,002,039 | ---- | M] () -- C:\Users\xxx\Desktop\HijackThis.lnk
[2010.05.03 23:47:36 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.03 23:47:36 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.05.03 23:36:13 | 000,101,888 | ---- | M] () -- C:\Users\xxx\Desktop\Bizzy.Bone.-.Back.With.The.Thugz.52007.exe
[2010.05.03 23:33:11 | 000,000,000 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.03 22:27:31 | 000,008,704 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.02 23:16:52 | 000,050,393 | ---- | M] () -- C:\Users\xxx\Desktop\Audikss.jpg
[2010.05.02 22:43:39 | 000,816,640 | ---- | M] () -- C:\Users\xxx\Desktop\Animated_Red-black.thm
[2010.05.02 22:42:38 | 000,174,592 | ---- | M] () -- C:\Users\xxx\Desktop\Audi.thm
[2010.05.02 22:12:48 | 000,212,992 | ---- | M] () -- C:\Users\xxx\Desktop\Shakeit-flash_Orange.thm
[2010.05.02 14:42:07 | 000,579,578 | ---- | M] () -- C:\Users\xxxo\Desktop\Audi.psd
[2010.05.02 14:35:05 | 000,094,733 | ---- | M] () -- C:\Users\xxx\Desktop\Audiks.jpg
[2010.05.01 15:34:54 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.04.30 14:37:28 | 000,455,856 | ---- | M] () -- C:\Users\xxx\Desktop\Unbenannt - 1.jpg
[2010.04.30 12:47:59 | 000,035,762 | ---- | M] () -- C:\Users\xxx\Desktop\209244.rar
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 11:41:40 | 002,382,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.28 23:13:05 | 000,131,224 | ---- | M] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.28 13:26:25 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.28 13:26:25 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.28 13:26:25 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.28 13:26:25 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.28 13:26:25 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.28 00:58:09 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{73a725b2-51d3-11df-b899-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 00:58:09 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{73a725b2-51d3-11df-b899-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 00:58:09 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{73a725b2-51d3-11df-b899-806e6f6e6963}.TM.blf
[2010.04.27 21:30:41 | 000,343,371 | ---- | M] () -- C:\Users\xxx\Desktop\hjsplit-2-4.zip
[2010.04.27 10:06:23 | 002,621,440 | ---- | M] () -- C:\Users\xxx\NTUSER.DAT_tureg_old
[2010.04.27 00:36:16 | 092,461,226 | ---- | M] () -- C:\Users\xxx\Desktop\Unbenannte Muster.pat
[2010.04.26 23:29:37 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Anti-Malware.lnk
[2010.04.26 23:09:27 | 000,071,727 | ---- | M] () -- C:\Users\xxx\Desktop\Audi.jpg
[2010.04.26 22:02:49 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.04.25 14:37:42 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010.04.15 00:54:00 | 000,028,160 | ---- | M] () -- C:\Users\xxx\Deckblattxxx.doc
[2010.04.15 00:50:51 | 000,028,160 | ---- | M] () -- C:\Users\xxx\xxx+ausbildung.doc
[2010.04.06 21:06:02 | 000,028,672 | ---- | M] () -- C:\Users\xxx\xxx+mediendesign.doc
[2010.04.06 20:49:49 | 000,032,256 | ---- | M] () -- C:\Users\xxx\Praktikum Bewerbung.doc

========== Files Created - No Company Name ==========

[2010.05.04 12:59:33 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.04 00:14:29 | 000,002,039 | ---- | C] () -- C:\Users\xxxDesktop\HijackThis.lnk
[2010.05.03 23:35:59 | 000,101,888 | ---- | C] () -- C:\Users\xxx\Desktop\Bizzy.Bone.-.Back.With.The.Thugz.52007.exe
[2010.05.03 23:33:11 | 000,000,000 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.02 23:16:51 | 000,050,393 | ---- | C] () -- C:\Users\xxx\Desktop\Audikss.jpg
[2010.05.02 22:43:38 | 000,816,640 | ---- | C] () -- C:\Users\xxx\Desktop\Animated_Red-black.thm
[2010.05.02 22:42:37 | 000,174,592 | ---- | C] () -- C:\Users\xxx\Desktop\Audi.thm
[2010.05.02 22:12:45 | 000,212,992 | ---- | C] () -- C:\Users\xxx\Desktop\Shakeit-flash_Orange.thm
[2010.05.02 14:42:05 | 000,579,578 | ---- | C] () -- C:\Users\xxx\Desktop\Audi.psd
[2010.05.02 14:35:00 | 000,094,733 | ---- | C] () -- C:\Users\xxx\Desktop\Audiks.jpg
[2010.04.30 14:37:27 | 000,455,856 | ---- | C] () -- C:\Users\xxx\Desktop\Unbenannt - 1.jpg
[2010.04.30 12:47:57 | 000,035,762 | ---- | C] () -- C:\Users\xxx\Desktop\209244.rar
[2010.04.30 00:06:15 | 007,443,981 | ---- | C] () -- C:\Users\xxx\Desktop\02 - Revenge Of Huey P Newton.mp3
[2010.04.29 23:56:42 | 007,922,544 | ---- | C] () -- C:\Users\xxx\Desktop\15) 2PAC-Who Do U Believe In DJVELI.mp3
[2010.04.29 23:54:22 | 006,247,573 | ---- | C] () -- C:\Users\xxx\Desktop\07 - Ratha B Buried feat Crooked I 50 Cent DJ Hen.mp3
[2010.04.29 23:25:46 | 005,221,922 | ---- | C] () -- C:\Users\xxx\Desktop\02-2pac- if i die tonight dj demon remix.mp3
[2010.04.29 00:50:37 | 006,342,575 | ---- | C] () -- C:\Users\xxx\Desktop\hjsplit-2-4.zip
[2010.04.27 10:07:45 | 000,524,288 | -HS- | C] () -- C:\Users\xxx\NTUSER.DAT{73a725b2-51d3-11df-b899-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.04.27 10:07:45 | 000,524,288 | -HS- | C] () -- C:\Users\xxx\NTUSER.DAT{73a725b2-51d3-11df-b899-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 10:07:45 | 000,065,536 | -HS- | C] () -- C:\Users\xxx\NTUSER.DAT{73a725b2-51d3-11df-b899-806e6f6e6963}.TM.blf
[2010.04.27 00:36:14 | 092,461,226 | ---- | C] () -- C:\Users\xxx\Desktop\Unbenannte Muster.pat
[2010.04.26 23:29:37 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Anti-Malware.lnk
[2010.04.26 23:09:26 | 000,071,727 | ---- | C] () -- C:\Users\xxx\Desktop\Audi.jpg
[2010.04.26 22:48:34 | 000,018,762 | ---- | C] () -- C:\Users\xxxo\Documents\cc_20100426_224827.reg
[2010.04.26 22:03:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.04.26 22:02:49 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.04.26 22:02:49 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.04.26 22:02:49 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.04.26 22:02:48 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.04.26 22:02:48 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.04.26 22:02:48 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.04.26 22:02:48 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.04.26 22:02:47 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.04.26 22:02:47 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.04.25 14:37:42 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010.04.15 00:52:20 | 000,028,160 | ---- | C] () -- C:\Users\xxx\xxx.doc
[2010.04.15 00:50:48 | 000,028,160 | ---- | C] () -- C:\Users\xxx\xxxr+ausbildung.doc
[2010.04.06 20:50:28 | 000,028,672 | ---- | C] () -- C:\Users\xxx\xxx+mediendesign.doc
[2010.04.06 20:49:46 | 000,032,256 | ---- | C] () -- C:\Users\xxx\Praktikum Bewerbung.doc
[2010.01.10 05:05:03 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.01.10 05:05:03 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.01.10 05:05:03 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.01.10 05:05:03 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009.11.25 02:12:32 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009.11.25 02:12:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009.11.17 03:26:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.31 03:56:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.16 12:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 17:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.14 08:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2007.03.30 11:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007.03.23 16:44:46 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007.02.09 15:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007.01.23 20:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006.08.01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll

========== Files - Unicode (All) ==========
[2007.09.25 22:04:55 | 000,400,056 | ---- | M] ()(C:\Users\KinG-๑·$#80B3EC«×-.¸¸.·´¯)_25_09_2007@22_01_45.wav

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:9F3A1A3052BC5BE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

cosinus · 04.05.2010, 15:12

Log sieht ok aus. Deinstalliere nun entweder A Squared oder Kaspersky, aber beide gleichzeitig sollte man nicht verwenden!

Kangal · 04.05.2010, 15:36

Danke nochmal für die Mühe.

Auf der Internet seite von s aquared steht,aber das sie mit kaspersky zusammen arbeiten tut

Soll ich es dennoch deinstallieren?

cosinus · 04.05.2010, 15:43

Ja, ich würde niemals KIS und noch gleichzeitig was anderes verwenden. Ehrlich gesagt würde ich mir nichtmal KIS antun

Kangal · 04.05.2010, 15:45

Ok,

Ich werde dann eins von den Programmen deinstallieren

Und muss jetzt nochwas gemacht werden?

Oder ist alles ok?

Mfg

cosinus · 04.05.2010, 15:47

Du könntest Dein System mal mit dem CCleaner aufräumen (falls noch nicht gemacht) und danach mal die Updates prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Kangal · 04.05.2010, 19:24

Ähmm Cosinus

Mein Antivirus (Kaspersky),hat mir gerade ne meldung gegeben das er ein trojanisches pferdschen gefunden hätte.Er hat es neutralisiert und wollte ein Neustart habe das auch getahn was nun?

Hier ein Abbild von Kaspersky:

cosinus · 04.05.2010, 21:24

Hast Du zu dem Zeitpnkt A Squared schon deinstalliert gehabt? Kamen noch andere Funde?

Kangal · 05.05.2010, 12:08

Nein A - squared war zu diesem Zeitpunkt noch nicht gelöscht bzw.deinstalliert.

Und andere funde kamen bisjetzt noch nicht hinzu.

Mfg

cosinus · 05.05.2010, 15:20

Ok. Dann erstell bitte noch mal zur Überprüfung Logfiles mit GMER und OSAM

Kangal · 05.05.2010, 19:17

Ich musste leider feststellen, das GMER gerne abstürzt wärend er sucht

Deswegen kann ich nur das logfile von Osam präsentieren.

Zitat:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:13:26 on 05.05.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\Windows\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information)
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis Try&Decide and Restore Points filter (build 258)" (tdrpman258) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm258.sys
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Kaspersky Lab Driver" (KLIF) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\klif.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"uwlyipoc" (uwlyipoc) - ? - C:\Users\KING-S~1\AppData\Local\Temp\uwlyipoc.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object" - "Kaspersky Lab" - C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll / hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"TrojanScanner" - "Simply Super Software" - C:\Program Files\Trojan Remover\Trjscan.exe /boot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Kaspersky Internet Security" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Mfg

Kangal · 05.05.2010, 20:19

Kaspersky hat nun den gleichen trojaner gefunden,auch im gleichen ordner bloß war der trojaner nicht die glb.exe sondern die glc.exe und als ich eben Firefox gestartet hab,startete auch gleich eine Dateseite mit .

Kangal · 06.05.2010, 17:35

Hilfs du mir nicht mehr?

04.05.2010, 15:12	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner eingefangen? Log sieht ok aus. Deinstalliere nun entweder A Squared oder Kaspersky, aber beide gleichzeitig sollte man nicht verwenden! __________________ Logfiles bitte immer in CODE-Tags posten

04.05.2010, 15:43	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner eingefangen? Ja, ich würde niemals KIS und noch gleichzeitig was anderes verwenden. Ehrlich gesagt würde ich mir nichtmal KIS antun __________________ --> Trojaner eingefangen?

04.05.2010, 21:24	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner eingefangen? Hast Du zu dem Zeitpnkt A Squared schon deinstalliert gehabt? Kamen noch andere Funde? __________________ Logfiles bitte immer in CODE-Tags posten

05.05.2010, 15:20	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner eingefangen? Ok. Dann erstell bitte noch mal zur Überprüfung Logfiles mit GMER und OSAM __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner eingefangen?

Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen?