Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Data Restore Virus kann nicht entfernt werden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.10.2011, 12:58   #1
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Hallo Zusammen!

mich hat leider auch Data Restore Virus erwischt! Ich habe nach dieser Anleitung http://www.trojaner-board.de/103776-...entfernen.html gehandelt. Also habe ich folgende Sachen durch:
1) Rkill: es scheint, dass Data Restore entfernt wurde
Anhang 22870
2) Malwarebytes: kein Fund
mbam-log-2011-10-06 (12-31-39)_TB.txt
3) TDSSKiller: kein Fund
4) unhide.exe

Ach ja und mit diesem Key habe ich das Data Restore registriert, um die Meldungen zu stoppen: Key: 1203978628012489708290478989147. (Uebernommen aus: www.pcrisk.com/removal-guides/6559-remove-data-restore)

Nach dem Neustart war Date Restore leider immer noch da.

Danach habe ich OTH ausgefuehrt, leider auch ohne Ergebnis. Dann habe ich mit Avira gescannt, Virus gefunden und in Quarantine verschoben.

Avira_log_TB.txt

Das Programm ist immer noch auf dem Desktop, wird aber von Malwarebytes nicht gefunden.

Jetzt bin ich total unsicher, ob ich das jetzt geloescht habe oder nicht. Ich bin leider auch kein Experte aud dem Gebiet.
Ich hoffe sehr auf eure Hilfe und hoffe ihr koennt damit etwas anfangen. Falls ihr noch Informationen braucht sagt Bescheid. Vielen Dank schon mal!

Liebe Gruesse, Rozel

Alt 06.10.2011, 13:33   #2
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



hi, du hast otl ausgeführt? und wo sind die berichte :-)
poste die bitte.
__________________

__________________

Alt 06.10.2011, 15:09   #3
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Danke sehr fuer deine Hilfe! :-)

Hier ist OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/6/2011 3:18:36 PM - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\***\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy
 
2.75 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 56.85% Memory free
5.72 Gb Paging File | 4.30 Gb Available in Paging File | 75.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 107.18 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: Comp Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Users\***\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3076.38379__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3076.38436__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3076.38415__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3076.38401__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3076.38423__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3076.38617__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3076.38651__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3076.38588__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3076.38649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3076.38657__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3076.38594__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3076.38394__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3076.38580__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3076.38587__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3076.38649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3076.38544__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3076.38448__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3076.38402__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3076.38608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3076.38573__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3076.38443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3076.38543__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3076.38572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3076.38528__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3076.38536__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3076.38542__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3076.38669__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3076.38680__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3076.38632__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3076.38408__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3076.38641__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3076.38639__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3076.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3076.38387__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3076.38371__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3076.38369__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3076.38370__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3076.38640__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Launch Manager\OSDCtrl.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (ViPImgSVC) -- C:\Windows\System32\drivers\vpmini.sys (Aviclink Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {399d96ca-6f9a-4fff-95fe-284e45ebb935} - C:\Program Files\RadarSync\tbRada.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 8C E7 78 96 83 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/12 12:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 13:24:46 | 000,000,000 | ---D | M]
 
[2010/09/06 13:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Comp Admin.***\AppData\Roaming\mozilla\Extensions
[2011/10/06 13:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Comp Admin.***\AppData\Roaming\mozilla\Firefox\Profiles\ypwcvow9.default\extensions
[2011/10/06 13:05:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Comp Admin.***\AppData\Roaming\mozilla\Firefox\Profiles\ypwcvow9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/01 15:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/01 15:04:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RadarSync Toolbar) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - C:\Program Files\RadarSync\tbRada.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (RadarSync Toolbar) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - C:\Program Files\RadarSync\tbRada.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (RadarSync Toolbar) - {399D96CA-6F9A-4FFF-95FE-284E45EBB935} - C:\Program Files\RadarSync\tbRada.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://imtvpn2.uni-paderborn.de/http/0/platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7792C564-6984-4732-A1A2-EF6446ACE5AA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cd18624-0026-11de-bcae-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cd18624-0026-11de-bcae-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/06 13:08:24 | 000,000,000 | ---D | C] -- C:\Users\Comp Admin.***\AppData\Roaming\Avira
[2011/10/05 21:44:03 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Comp Admin.***\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/05 21:11:23 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/10/05 21:11:23 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/10/05 21:11:21 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/10/05 21:11:21 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/10/05 21:11:16 | 000,263,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/10/05 21:11:15 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/10/05 21:11:09 | 000,233,976 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/10/05 21:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/10/05 21:11:04 | 000,070,664 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/10/05 21:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/10/05 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/05 21:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/05 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/05 20:38:09 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\56885918.sys
[2011/10/05 16:23:02 | 000,000,000 | ---D | C] -- C:\Users\Comp Admin.***\AppData\Roaming\Malwarebytes
[2011/10/05 16:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/05 16:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/05 16:22:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/05 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/28 11:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/09/28 11:10:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/09/28 11:10:09 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/09/28 11:10:09 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/09/28 11:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/09/26 13:19:53 | 000,000,000 | ---D | C] -- C:\Users\Comp Admin.***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
[2011/09/26 13:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
[2011/09/26 13:19:51 | 000,374,272 | ---- | C] (Herd Software Entwicklung/ Ketteler Str. 35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) -- C:\Windows\System32\Dav3_32.dll
[2011/09/26 13:19:51 | 000,143,360 | ---- | C] (Herd Software Entwicklung/ Ketteler Str.35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) -- C:\Windows\System32\leon3_32.dll
[2011/09/26 13:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sigel
[2011/09/25 21:41:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/09/25 21:41:32 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/09/25 21:41:32 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/09/25 21:41:27 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/09/25 21:41:26 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/09/25 21:41:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/09/25 21:41:06 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/25 21:41:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/25 21:41:04 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/25 21:41:04 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/09/25 21:41:03 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/09/25 21:41:03 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/25 21:41:03 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/25 21:41:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/25 21:41:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/09/25 21:41:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/25 21:41:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/25 21:41:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/09/25 21:41:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/25 21:41:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/25 21:41:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/25 21:41:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/25 21:41:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/25 21:40:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/09/20 12:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
[2011/09/20 12:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tools&More
[2011/09/08 13:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/08 13:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/08 10:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/06 15:25:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A1D0584-02FE-4FA6-8FFA-A6D20E0883B7}.job
[2011/10/06 15:03:08 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 15:03:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Comp Admin-Startup.job
[2011/10/06 14:54:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/06 14:36:41 | 000,003,760 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 14:36:41 | 000,003,760 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 12:36:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/06 12:36:33 | 2948,657,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 21:44:05 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Comp Admin.ZELJKA\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/05 21:15:00 | 002,388,690 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/10/05 21:00:26 | 000,000,062 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk.lic
[2011/10/05 20:38:09 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\56885918.sys
[2011/10/05 20:11:28 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/05 20:10:22 | 000,000,320 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/05 20:10:22 | 000,000,240 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/04 00:36:59 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/28 11:04:35 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/09/28 11:04:34 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/09/28 11:04:34 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/09/27 20:40:53 | 000,647,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/27 20:40:53 | 000,125,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/26 13:19:53 | 000,001,047 | ---- | M] () -- C:\Users\Comp Admin.***\Desktop\Professional Label Software SE.lnk
[2011/09/26 10:13:24 | 000,391,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/13 00:53:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/08 10:31:58 | 000,000,680 | ---- | M] () -- C:\Users\Comp Admin.***\AppData\Local\d3d9caps.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/10/05 21:11:26 | 002,388,690 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/10/05 21:00:20 | 000,000,062 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.lic
[2011/10/05 15:08:21 | 000,000,320 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/05 15:08:21 | 000,000,240 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/05 15:08:17 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/26 13:19:53 | 000,001,047 | ---- | C] () -- C:\Users\Comp Admin.***\Desktop\Professional Label Software SE.lnk
[2010/09/23 10:06:14 | 000,000,680 | ---- | C] () -- C:\Users\Comp Admin.***\AppData\Local\d3d9caps.dat
[2010/09/22 14:23:27 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2010/09/22 14:20:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\vpvfw.dll
[2010/09/22 14:20:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\remove.dll
[2010/05/03 22:35:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/10 14:37:06 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2009/09/18 10:36:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 10:36:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 10:33:30 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/04/19 22:32:47 | 000,148,899 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/04/19 22:32:15 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/04/09 23:09:34 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/03/02 23:35:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/26 20:49:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/02/26 20:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/02/26 20:48:44 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/02/23 22:03:31 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/02/23 16:31:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2009/02/22 20:12:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/21 17:10:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/02/21 17:01:38 | 000,001,744 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/02/21 17:00:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/02/21 17:00:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/02/21 17:00:08 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/02/21 17:00:07 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/01/13 12:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/01/21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 14:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:46:27 | 000,391,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,647,626 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,125,124 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2011/06/17 10:58:18 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin.***\AppData\Roaming\AliceHilfe
[2009/07/30 12:21:17 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin.***\AppData\Roaming\DriverCure
[2011/02/28 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin.***\AppData\Roaming\IrfanView
[2011/10/06 15:02:39 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin.***\AppData\Roaming\SoftGrid Client
[2011/02/22 18:05:28 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin.***\AppData\Roaming\TP
[2009/10/18 14:43:48 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin.***\AppData\Roaming\UDC Profiles
[2011/10/06 12:35:09 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/06 15:25:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5A1D0584-02FE-4FA6-8FFA-A6D20E0883B7}.job
[2011/10/06 15:03:04 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Comp Admin-Startup.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---


Und hier die Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10/6/2011 3:18:36 PM - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\***\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy
 
2.75 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 56.85% Memory free
5.72 Gb Paging File | 4.30 Gb Available in Paging File | 75.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 107.18 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: Comp Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bertelsmann Fotowelt] -- "C:\Program Files\Bertelsmann Fotowelt\Bertelsmann Fotowelt\Bertelsmann Fotowelt.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Bertelsmann Fotowelt\Bertelsmann Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3033247186-2803842189-3501196454-1005]
"EnableNotificationsRef" = 2
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3033247186-2803842189-3501196454-1006]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005B89D2-CB95-4D34-86D0-176CD3FA3DF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0BD68248-8FCC-4702-B3F7-BDB8E4685F43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BE0B760-0B2D-4C61-BDBC-DF0A1F0537CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C4181E7-E140-417B-9830-F6D8A3EFC59C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{30454D2F-9DFA-4AD5-B436-B79CDB5786B7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9DBF9D59-9F38-4047-A360-406B901FEF68}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C14CF0AA-69BD-4AEB-86A8-EFB9FFC8D7BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE629F51-8E2C-48B9-8608-FDD781EF6FE6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EA47B439-5EE6-4767-9EEB-2EC498653F58}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F4AC477F-5482-4EB4-86E7-CA7C76C63959}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F4C7FCF4-03E1-4D2A-B74B-00221E15EB6C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FA98992B-4FDA-484E-BC65-A4DDA70BAF64}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AC65D5-CFB9-4519-93C4-1F2AF05190F5}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe | 
"{07EB668F-F2ED-461A-B32F-19A7842B4400}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | 
"{1990B067-F5DC-4EE2-9AFC-40623236A347}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{205FA747-9FD5-4889-9E06-C14072C47378}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{285BEADD-17C8-4E45-8CF0-3FC4102DD281}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe | 
"{38A8AC96-3634-4A85-B87F-2CE07BA0E2BE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3CFB1123-A755-4563-94E3-EB564A1D39F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3EB809F8-701B-4EF9-B6DE-1F2C2D5C0BF3}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{423FEBD7-6DEA-4162-8CB1-69814DAFB4CD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe | 
"{4E845E34-1EB4-40A4-9C99-D988E06D6689}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{529F6897-4DF3-45AA-A326-745601BE4635}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe | 
"{57B6D52B-F59A-421C-89D8-4F5CBA557A9D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe | 
"{594D1666-D8B1-4B6F-BD8A-0985F45E094D}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | 
"{62EF4F98-48CD-4A5E-A5A8-14428BAD2268}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe | 
"{66C91EB8-3D41-4526-ADE6-192BDCE587D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{6E813070-7526-480F-8DB1-0BBD390CEC29}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe | 
"{6F7FE51C-7BE2-4BBC-9DD5-B3AA0AA3F9DC}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | 
"{77DAB85C-44A7-4EA4-9F24-29C6F40E61DB}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe | 
"{8068D401-61C5-4EEF-AF97-2CEF4E57D9CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{88E1EA1A-CCF6-4F9C-8D72-B665C62E5183}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe | 
"{8E583EAF-C5EF-4833-9507-C9A03BC862CB}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicfg.exe | 
"{A0D967E9-8BD8-4300-9BA5-963222F313B7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A58C8FB4-E6A1-4C2C-96F0-563516940DB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AC78AEB1-1E3C-4729-8B23-C84BAF42A127}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe | 
"{ADC5595C-C5E8-4C9E-87AD-5589CF4AA3CC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BBD9F179-730B-4157-BA9F-44EBAA959F6A}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe | 
"{BF586DF4-F159-4ED8-B9E0-E0341C5F9BB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C09D7596-EF82-4194-B0AC-FE7CD216D302}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe | 
"{C5F871AD-1458-4635-9433-E6C769E9C5DF}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{D40A58A8-FA7A-41A9-B1E3-9B574A7B5610}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E25A2671-680E-4162-A71D-650ADAD3DB72}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{E589FEBB-0338-4950-9177-D5D42257ED13}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | 
"{EF1ADFA4-F915-48D3-8904-1AAE4E8749B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F276DC4C-E780-48D6-8C75-75DE71466945}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicfg.exe | 
"{F7CDC2B3-7D1A-4FA9-A95A-33C724DD47A1}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe | 
"{FB3AABEE-DA48-4FAC-985B-0228AA9143A0}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe | 
"TCP Query User{39976206-B07D-431F-9CEB-CCA62BE5DC27}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{7A5E21D8-899A-4625-A112-95200C562C52}C:\users\***\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\zeljka.zeljka\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{9BF39DBE-2349-407B-8384-C8696DD64F1B}C:\users\******\desktop\zeljka\sopra\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\zeljka.zeljka\desktop\zeljka\sopra\eclipse\eclipse.exe | 
"TCP Query User{A493B724-6739-44F3-9AD3-12A0F2C69CE6}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe | 
"TCP Query User{A7E47951-8796-42FB-85E4-BAF25E338F35}C:\users\***\appdata\roaming\icq\application\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\users\zeljka.zeljka\appdata\roaming\icq\application\icq7.1\icq.exe | 
"TCP Query User{C9DEEFA6-90D3-4F13-A450-0372EDEE0CFC}C:\users\***\desktop\zeljka\sopra\eclipse-win32-win32-x86-ccf4ecdeb8c50d\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\zeljka.zeljka\desktop\zeljka\sopra\eclipse-win32-win32-x86-ccf4ecdeb8c50d\eclipse\eclipse.exe | 
"TCP Query User{F9663ECF-3648-4CA1-ADA6-8CBA9DADE068}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{07652726-B192-41A9-A077-DBAD893DF838}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe | 
"UDP Query User{8ECDEB8C-CD46-47C7-B2A2-9D5115725BEF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B28531B8-332E-4117-A8EC-D4B4FC3C672A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B3B29A9E-6E35-437E-B6D1-934C1E70FE5B}C:\users\***\desktop\zeljka\sopra\eclipse-win32-win32-x86-ccf4ecdeb8c50d\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\zeljka.zeljka\desktop\zeljka\sopra\eclipse-win32-win32-x86-ccf4ecdeb8c50d\eclipse\eclipse.exe | 
"UDP Query User{D5C646D8-0C1B-4CF8-9DDF-3495EB274532}C:\users\***\appdata\roaming\icq\application\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icq\application\icq7.1\icq.exe | 
"UDP Query User{DECA4951-6E21-4FA4-991F-B6C189DD7F34}C:\users\***\desktop\zeljka\sopra\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\zeljka\sopra\eclipse\eclipse.exe | 
"UDP Query User{FB1C4C8D-8293-4AEA-9FF3-A31B56340746}C:\users\***\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\zeljka.zeljka\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C8270-F2A6-C941-3A19-EBE139C966E7}" = Catalyst Control Center Graphics Full Existing
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 SE
"{0739951F-27F4-F7FF-C26D-3C44A681933F}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41ADAFC4-DCCD-4A7A-9FAB-10AF790AD6BB}" = MPL for Windows 4.2 Student Version
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{60DCEC40-8854-B0B5-7828-A6E14DBE71EC}" = Catalyst Control Center Graphics Previews Vista
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DC0B476-B032-83DE-9637-3F6809A344C1}" = Skins
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81758E18-D5EA-4049-844A-E2DDDDDA9798}" = CCC Help English
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{95104E32-1B84-0E33-14BE-BA115643629C}" = Catalyst Control Center Graphics Light
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9687697B-1055-E1E5-2D31-061CC502AB31}" = ATI Catalyst Install Manager
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D26F264-EFA2-31BB-D49F-380FD60207FA}" = Catalyst Control Center Core Implementation
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE0DC31A-9BF9-4DB2-A338-E7F500243BF3}" = MOPS Studio
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3905755-64EC-422E-A4D9-644D6D8FDE5E}" = ccc-core-static
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA45B622-88F9-4836-A529-DBF14698498D}" = Catalyst Control Center - Branding
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2E272DA-CB23-936D-268E-030DE425AD11}" = Catalyst Control Center Graphics Full New
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AliceHilfe 1.0.0.1" = AliceHilfe
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Bertelsmann Fotowelt" = Bertelsmann Fotowelt
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"E01421337C9E830E94F08C6ADCF7E2659CD6B066" = Windows Driver Package - Intel (NETw5v32) net  (11/17/2008 12.2.0.11)
"EH Rječnik WS_is1" = EH Rječnik WS
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free Screen Recorder_is1" = Free Screen Recorder v2.9
"Gadwin PrintScreen" = Gadwin PrintScreen
"GOMSED 2.0" = GOMSED 2.0
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenVPN" = OpenVPN 2.1_rc21
"RadarSync Toolbar" = RadarSync Toolbar
"Sigel Professional Label Software SE" = Sigel Professional Label Software SE
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/22/2010 5:09:07 AM | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 8/22/2010 3:01:04 PM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/22/2010 3:01:04 PM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/22/2010 3:02:15 PM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/23/2010 3:20:34 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/23/2010 3:20:37 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/23/2010 3:20:37 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/23/2010 3:28:20 PM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/23/2010 3:28:20 PM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/23/2010 3:29:35 PM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 3/30/2010 6:19:11 AM | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 331
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 2/25/2011 6:21:21 AM | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1275
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 2/25/2011 10:14:24 AM | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13956
 seconds with 9060 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/6/2011 6:24:28 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:26:22 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:27:13 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:27:16 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:27:19 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:27:22 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:27:25 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:27:28 AM | Computer Name = *** | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 10/6/2011 6:36:43 AM | Computer Name = *** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 10/6/2011 6:38:18 AM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 06.10.2011, 15:28   #4
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



hiho



achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
[2011/10/05 20:11:28 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/05 20:10:22 | 000,000,320 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/05 20:10:22 | 000,000,240 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.10.2011, 16:30   #5
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Hallo Markus,

ist das die Datei unter dem Pfad C:\_OTL\MovedFiles? Wenn ja, hier ist der Inhalt:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Comp Admin.***
->Flash cache emptied: 562 bytes

User: Default

User: Default User

User: Guest
->Flash cache emptied: 1025 bytes

User: Public

User: ***

User: ***
->Flash cache emptied: 3138386 bytes

Total Flash Files Cleaned = 3.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Comp Admin.***
->Temp folder emptied: 2059468229 bytes
->Temporary Internet Files folder emptied: 48263661 bytes
->Java cache emptied: 25493434 bytes
->FireFox cache emptied: 50836066 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 315454 bytes
->Temporary Internet Files folder emptied: 12134594 bytes
->FireFox cache emptied: 27777137 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ***

User: ***
->Temp folder emptied: 20722879 bytes
->Temporary Internet Files folder emptied: 191720887 bytes
->Java cache emptied: 62403252 bytes
->FireFox cache emptied: 73279836 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 2040260 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1249280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 280950432 bytes
RecycleBin emptied: 55341076 bytes

Total Files Cleaned = 2,777.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10062011_170801

Danke nochmal für deine Antworten! :-)


Geändert von Rozel (06.10.2011 um 16:37 Uhr)

Alt 06.10.2011, 16:34   #6
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



hiermit weiter machen:
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
--> Data Restore Virus kann nicht entfernt werden

Alt 06.10.2011, 17:53   #7
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Hallo Markus,

ich habe ComboFix ausgefuehrt. Leider funktioniert in mmeine User Account nichts mehr, ich konnte keinen Browser oeffnen, keine txt-Datei... Ich bekomme die Meldung: illegal operation attempted on a registry key that has been marked for deletion. :-(((

Ich musste also erstmal in den Admin Account rein, damit ich dir schreiben kann.

Hier ist ComboFix Log. Ich hoffe, du kannst mir weiter helfen, ich bin wirklich verzweifelt.


Combofix Logfile:
Code:
ATTFilter
ComboFix 11-10-06.03 - Comp Admin 06.10.2011  18:13:39.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1250.385.1033.18.2813.1574 [GMT 2:00]
Running from: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Data Restore.lnk
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-06 to 2011-10-06  )))))))))))))))))))))))))))))))
.
.
2011-10-06 15:08 . 2011-10-06 15:08	--------	d-----w-	C:\_OTL
2011-10-06 11:08 . 2011-10-06 11:08	--------	d-----w-	c:\users\Comp Admin.***\AppData\Roaming\Avira
2011-10-05 19:11 . 2010-07-16 12:59	656320	----a-w-	c:\windows\system32\drivers\pctEFA.sys
2011-10-05 19:11 . 2010-07-16 12:59	338880	----a-w-	c:\windows\system32\drivers\pctDS.sys
2011-10-05 19:11 . 2011-05-12 06:59	105280	----a-w-	c:\windows\system32\drivers\pctwfpfilter.sys
2011-10-05 19:11 . 2011-05-06 11:26	251560	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2011-10-05 19:11 . 2011-05-11 07:55	263888	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2011-10-05 19:11 . 2011-05-11 11:35	160576	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-05 19:11 . 2011-03-10 07:08	233976	----a-w-	c:\windows\system32\drivers\PCTSD.sys
2011-10-05 19:11 . 2011-05-06 11:28	70664	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2011-10-05 19:10 . 2011-10-06 16:08	--------	d-----w-	c:\program files\PC Tools Security
2011-10-05 19:10 . 2011-10-05 19:14	--------	d-----w-	c:\program files\Common Files\PC Tools
2011-10-05 19:10 . 2011-10-05 19:11	--------	d-----w-	c:\programdata\PC Tools
2011-10-05 18:38 . 2011-10-05 18:38	94896	----a-w-	c:\windows\system32\drivers\56885918.sys
2011-10-05 18:25 . 2011-10-05 18:25	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-10-05 14:23 . 2011-10-05 14:23	--------	d-----w-	c:\users\Comp Admin.***\AppData\Roaming\Malwarebytes
2011-10-05 14:22 . 2011-10-05 14:22	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-05 14:22 . 2011-10-05 19:46	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-05 14:22 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-28 09:26 . 2011-09-28 09:26	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2011-09-28 09:10 . 2011-09-28 09:04	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-09-28 09:10 . 2011-09-28 09:04	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-09-28 09:10 . 2011-09-28 09:10	--------	d-----w-	c:\program files\Avira
2011-09-26 11:20 . 2011-09-26 11:20	--------	d-----w-	c:\users\***\AppData\Roaming\Sigel
2011-09-26 11:19 . 2003-06-25 09:17	374272	----a-w-	c:\windows\system32\Dav3_32.dll
2011-09-26 11:19 . 2003-06-24 11:35	143360	----a-w-	c:\windows\system32\leon3_32.dll
2011-09-26 11:19 . 2011-09-26 11:19	--------	d-----w-	c:\program files\Sigel
2011-09-25 19:46 . 2011-09-21 07:00	7269712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75EF4D94-8FB9-47E0-A3C3-3580FAF1A70B}\mpengine.dll
2011-09-25 19:40 . 2011-04-20 15:50	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-09-25 19:40 . 2011-06-17 20:13	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-09-20 10:54 . 2011-09-20 10:54	--------	d-----w-	c:\program files\Tools&More
2011-09-08 11:34 . 2011-09-08 11:34	--------	d-----w-	c:\users\***\AppData\Local\Windows Live
2011-09-08 11:12 . 2011-09-28 08:55	--------	d-----w-	c:\programdata\AVAST Software
2011-09-08 11:12 . 2011-09-08 11:12	--------	d-----w-	c:\program files\AVAST Software
2011-09-08 08:33 . 2011-09-08 08:33	--------	d-----w-	c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 22:36 . 2011-06-17 13:51	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]
2008-08-03 21:01	1606680	----a-w-	c:\program files\RadarSync\tbRada.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{399d96ca-6f9a-4fff-95fe-284e45ebb935}"= "c:\program files\RadarSync\tbRada.dll" [2008-08-03 1606680]
.
[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{399D96CA-6F9A-4FFF-95FE-284E45EBB935}"= "c:\program files\RadarSync\tbRada.dll" [2008-08-03 1606680]
.
[HKEY_CLASSES_ROOT\clsid\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-05-23 192512]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-03 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-28 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\***\Desktop\OTL.exe" [2011-10-06 582656]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Comp Admin.***\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-2-12 349600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53	141608	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3033247186-2803842189-3501196454-1005]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3033247186-2803842189-3501196454-1006]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
R3 libusb0;LibUsb-Win32 - Kernel Driver 24/09/2008, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [2009-11-23 28672]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 ViPImgSVC;VideoMate Action Service;c:\windows\system32\Drivers\vpMini.sys [2004-12-07 109824]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-05-11 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-09-28 340136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-28 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-28 428200]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 17:42]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 17:42]
.
2011-10-06 c:\windows\Tasks\User_Feed_Synchronization-{5A1D0584-02FE-4FA6-8FFA-A6D20E0883B7}.job
- c:\windows\system32\msfeedssync.exe [2011-09-25 09:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Comp Admin.***\AppData\Roaming\Mozilla\Firefox\Profiles\ypwcvow9.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-GOMSED 2.0 - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-06 18:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3856)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-10-06  18:31:34
ComboFix-quarantined-files.txt  2011-10-06 16:31
.
Pre-Run: 117.516.382.208 bytes free
Post-Run: 121.141.755.904 bytes free
.
- - End Of File - - FFE1FBCFB1CFCDD53BA3C4509DDF431F
         
--- --- ---

Alt 06.10.2011, 17:56   #8
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



das passiert selten mal.
wenn du sagst, auf deinem destkop ist data restore, meinst du damit ne verknüpfung, also nen icon?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.10.2011, 17:59   #9
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Ja ich meine Icon

Alt 06.10.2011, 18:27   #10
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



lösch es mal über rechtsklick, in papierkorb verschieben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.10.2011, 18:32   #11
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Habe ich gemacht :-) Was soll ich als naechstes tun (damit alles wieder normal funktioniert)? Und meinst du, dass das Virus jetzt entfernt wurde?

Alt 06.10.2011, 18:33   #12
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



gibts noch probleme? wenn ja welche?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.10.2011, 18:41   #13
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Ich kann keine txt-Dateien, keine Word-Datein, keine exe-Dateien oeffnen. Auch keinen von den beiden Browsern. :-(

Alt 06.10.2011, 18:48   #14
markusg
/// Malware-holic
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



was passiert dann?
du hast doch combofix genutzt, evtl. musst du neustarten dann gehts wieder.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.10.2011, 19:02   #15
Rozel
 
Data Restore Virus kann nicht entfernt werden - Standard

Data Restore Virus kann nicht entfernt werden



Hi Markus,

jetzt nach dem Neustart funktioniert alles wieder! :-) Danke sehr für deine Geduld! Was meinst du, ist jetzt wieder alles in Ordnung? Und kann ich jetzt alle benutzten Programme wieder deinstallieren? Hättest du vielleich noch Tip für mich was ich tun soll, damit ich mir Viren nicht so leicht einfange? Tausend Dank!!!!

Antwort

Themen zu Data Restore Virus kann nicht entfernt werden
anleitung, avira, brauch, data, data restore, desktop, entfernt, folgende, hallo zusammen, malwarebytes, meldungen, neustart, programm, restore, sachen, schei, stoppen, total, virus, virus gefunden, zusammen



Ähnliche Themen: Data Restore Virus kann nicht entfernt werden


  1. "not-a-virus:AdWare.Win64.Agent.y" - kann aber nicht entfernt werden
    Log-Analyse und Auswertung - 21.10.2015 (24)
  2. Win8.1, G-Data findet Trojaner GenericKD.2194715 - kann nicht gelöscht werden
    Plagegeister aller Art und deren Bekämpfung - 18.03.2015 (10)
  3. db22.exe kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (9)
  4. W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B)
    Plagegeister aller Art und deren Bekämpfung - 21.08.2014 (3)
  5. Win 7: TrojanDownloader:Win32/Adload.DA-Virus kann mit MS-Tool nicht entfernt werden
    Log-Analyse und Auswertung - 06.01.2014 (13)
  6. stolen.data virus system 32 xmldm kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (23)
  7. BKA Trojaner kann NICHT entfernt werden?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (8)
  8. "Data Restore" entfernt - Rechner komplett sauber?
    Log-Analyse und Auswertung - 09.04.2012 (20)
  9. G Data Virenfund "printuie.dll" nach Redirect Virus -kann nicht gelöscht werden
    Plagegeister aller Art und deren Bekämpfung - 29.01.2012 (4)
  10. Gefakte Data Restore Warnung eineholt /Trojaner nicht vollständig entfernt
    Plagegeister aller Art und deren Bekämpfung - 18.10.2011 (3)
  11. Data Restore - PC fährt nicht hoch
    Plagegeister aller Art und deren Bekämpfung - 17.10.2011 (12)
  12. Bifrost Virus - Wie kann er vollständig entfernt werden?
    Plagegeister aller Art und deren Bekämpfung - 18.10.2009 (5)
  13. Trojaner kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 26.02.2009 (2)
  14. TR/Vundo.Gen kann nicht entfernt werden!
    Plagegeister aller Art und deren Bekämpfung - 06.02.2009 (0)
  15. Hacktool, kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 01.08.2008 (13)
  16. PC reagiert nicht mehr! Virus kann nicht entfernt werden! -WICHTIG-
    Plagegeister aller Art und deren Bekämpfung - 12.02.2007 (9)
  17. istsvc.exe kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 19.05.2005 (10)

Zum Thema Data Restore Virus kann nicht entfernt werden - Hallo Zusammen! mich hat leider auch Data Restore Virus erwischt! Ich habe nach dieser Anleitung http://www.trojaner-board.de/103776-...entfernen.html gehandelt. Also habe ich folgende Sachen durch: 1) Rkill: es scheint, dass Data Restore - Data Restore Virus kann nicht entfernt werden...
Archiv
Du betrachtest: Data Restore Virus kann nicht entfernt werden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.