
All kinds of pests and how to fight them: Trojan / virus - everything invisible / System32....

27.12.2011, 21:02   #1
CDD
 

Hello everyone,
unfortunately I seem to have caught a Trojan / virus as well. I searched around here a bit and have already gathered a few things.
Here is the log from Malwarebytes (everything removed) - OTL will follow shortly:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122704

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19170

27.12.2011 20:50:17
mbam-log-2011-12-27 (20-50-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 193248
Laufzeit: 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\bfprwugkavye.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\igymfmcgiwi4b3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christina\AppData\Local\Temp\jx5rrmeu1mzrmr.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\christina\AppData\Local\Temp\ptuca33_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\christina\downloads\setupcasino_a8d506.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\christina\AppData\Local\Temp\kna0.502980295355559.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

27.12.2011, 21:19   #2
CDD
 

So, here are the files from OTL:

OTL:
OTL logfile created on: 27.12.2011 21:09:55 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Christina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,84% Memory free
6,13 Gb Paging File | 5,82 Gb Available in Paging File | 94,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 3,17 Gb Free Space | 2,23% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 1,01 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Chrissi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.o2online.de/goto/isphome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.15 20:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.01 11:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.21 18:48:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.26 16:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Extensions
[2011.12.26 16:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.01.01 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Firefox\Profiles\bitgvtw5.default\extensions
[2010.01.01 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Firefox\Profiles\bitgvtw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.01 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Firefox\Profiles\bitgvtw5.default\extensions\staged-xpis
[2011.10.01 11:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.01 11:05:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.09.17 21:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mspd] C:\Windows\System32\mspd.exe ()
O4 - HKLM..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\LaunchDM.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DSLCoMan] C:\Program Files\DSL Connection Manager\DSLCoMan.exe (AccSys GmbH)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA461604-7E20-4A02-9B2F-2543D0962C35}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes
[2011.12.27 20:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.27 20:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.27 20:42:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.27 20:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 15:55:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.12.21 22:36:57 | 000,000,000 | -H-D | C] -- C:\HP und die Heiligtümer der Todes 1+2
[2011.12.21 22:34:11 | 000,000,000 | -H-D | C] -- C:\Der letzte Tempelritter
[2011.12.14 23:39:27 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011.12.14 23:39:27 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011.12.14 23:39:26 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011.12.14 23:39:25 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011.12.14 23:39:25 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011.12.14 23:39:25 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011.12.14 23:39:25 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011.12.14 22:54:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.12.14 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Local\Samsung
[2011.12.14 22:48:12 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.12.14 22:47:54 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.12.14 22:47:54 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2011.12.14 22:47:54 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2011.12.14 22:45:00 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Local\Downloaded Installations
[2011.12.14 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\Documents\Samsung
[2011.12.14 22:32:30 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 22:32:29 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 22:32:28 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 22:32:27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 22:32:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 22:32:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 22:32:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 22:32:12 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 22:32:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 22:32:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 22:32:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 22:32:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 22:32:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.14 22:32:08 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 22:32:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 22:32:08 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.14 22:32:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 22:32:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.14 22:32:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.14 22:32:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.14 22:32:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.14 22:32:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.14 22:32:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.14 22:32:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.14 21:22:58 | 000,217,088 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011.12.14 21:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011.12.14 21:18:50 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Samsung
[2011.12.14 21:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.12.14 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2011.12.02 19:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011.12.02 19:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010.01.13 22:04:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chrissi\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 21:06:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 20:42:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.26 16:04:13 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 16:04:12 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 16:04:12 | 000,001,940 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.26 15:51:54 | 000,000,320 | -H-- | M] () -- C:\ProgramData\~igYMfmcGIwi4b3
[2011.12.26 15:51:54 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~igYMfmcGIwi4b3r
[2011.12.26 15:33:16 | 000,000,336 | -H-- | M] () -- C:\ProgramData\igYMfmcGIwi4b3
[2011.12.26 15:03:44 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40DE1D83-A5EF-45FE-9755-2F63FE0CB9B1}.job
[2011.12.22 07:37:49 | 000,732,360 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.22 07:37:49 | 000,681,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.22 07:37:49 | 000,170,568 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.22 07:37:49 | 000,138,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.15 07:54:15 | 000,367,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.14 22:48:49 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.12.14 21:16:34 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.12.09 19:37:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.02 19:45:18 | 000,000,792 | ---- | M] () -- C:\Users\Chrissi\Desktop\DVD Shrink 3.2.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.27 20:42:19 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.26 15:33:41 | 000,000,320 | -H-- | C] () -- C:\ProgramData\~igYMfmcGIwi4b3
[2011.12.26 15:33:41 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~igYMfmcGIwi4b3r
[2011.12.26 15:33:16 | 000,000,336 | -H-- | C] () -- C:\ProgramData\igYMfmcGIwi4b3
[2011.12.14 22:48:49 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.12.14 21:22:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.14 21:22:58 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.12.14 21:16:34 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.12.02 19:45:18 | 000,000,792 | ---- | C] () -- C:\Users\Chrissi\Desktop\DVD Shrink 3.2.lnk
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.12 16:58:16 | 000,055,351 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.09.23 13:23:44 | 000,001,080 | ---- | C] () -- C:\Windows\System32\NORInfo.ini
[2010.09.23 13:23:44 | 000,000,084 | ---- | C] () -- C:\Windows\System32\USBInfo.ini
[2010.05.30 21:54:03 | 000,158,638 | ---- | C] () -- C:\Windows\hpoins15.dat
[2010.05.30 21:54:03 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2010.04.27 20:25:01 | 000,005,632 | ---- | C] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.14 20:23:20 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.13 22:04:53 | 000,087,608 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\inst.exe
[2010.01.13 22:04:53 | 000,007,887 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\pcouffin.cat
[2010.01.13 22:04:53 | 000,001,144 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\pcouffin.inf
[2010.01.01 21:46:53 | 000,000,095 | ---- | C] () -- C:\Users\Chrissi\AppData\Local\fusioncache.dat
[2009.10.09 19:54:00 | 000,389,632 | -H-- | C] () -- C:\Windows\System32\mspd.exe
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.09.25 17:10:35 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2009.09.20 17:18:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.20 17:18:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.16 17:19:55 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2009.09.16 17:02:58 | 000,069,760 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\mdbu.bin
[2009.09.15 20:32:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 20:14:55 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.06.12 18:42:24 | 000,001,940 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.12 04:08:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.12 04:05:00 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.06.12 03:28:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.12 02:58:24 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.06.12 02:58:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.06.12 02:53:10 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.12 02:51:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2009.06.12 02:51:49 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009.06.12 02:51:34 | 000,003,990 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.06.11 12:15:20 | 000,732,360 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.11 12:15:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.11 12:15:20 | 000,170,568 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.11 12:15:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.11 12:07:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.06.11 12:06:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.23 14:04:54 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.02.18 12:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 15:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.09.11 15:45:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.04.16 02:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,681,916 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,294 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.10.24 21:50:22 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft
[2011.01.12 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\ICQ
[2010.09.22 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Philips Device Manager
[2009.10.09 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\ProtectDisc
[2011.12.14 22:46:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Samsung
[2011.12.26 16:01:52 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Thunderbird
[2011.09.08 18:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Vso
[2011.12.26 16:04:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.26 15:03:44 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40DE1D83-A5EF-45FE-9755-2F63FE0CB9B1}.job
 
========== Purity Check ==========
 
 

< End of report >
And here is the OTL Extras log:
OTL Extras logfile created on: 27.12.2011 21:09:55 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Christina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,84% Memory free
6,13 Gb Paging File | 5,82 Gb Available in Paging File | 94,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 3,17 Gb Free Space | 2,23% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 1,01 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Chrissi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2BE5DDE6-3222-4B3E-A4DA-190A2B2F5F37}" = rport=137 | protocol=17 | dir=out | app=system | 
"{38D7F6D3-2F0C-4506-AE75-BD6896EEC83E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50204B2F-829B-4B87-85D4-F6B929E93A5A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{563F8A80-33DF-4780-80D3-4B3480EFC789}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5CE5C468-9641-44D5-804A-040A4B76BD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{626EEAB6-CD02-4048-8DD1-E6ED902B0E73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E79A02B-EC88-417B-966D-EC0933A3CC93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{81780412-7DC7-4E6A-9EE1-21BA93666696}" = lport=445 | protocol=6 | dir=in | app=system | 
"{97DEF3C7-7D38-475A-8120-AD15D9090E00}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ACBDDD68-2BDD-4188-BADF-A346EEC7F01C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E844359D-952C-4E27-8EB3-1896CE835E37}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D4BFA5-352C-4DD6-AC1F-035A35101279}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{10CC88AB-E478-4025-A4E8-982212F18133}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{168006B7-EAB3-4E02-9244-50CC88912498}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{1F0A838E-B539-4D63-AB77-C0F01E508CDE}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{2D2F5C29-9B82-4540-834C-59FD9E2CAB28}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{46CFAE52-71F8-401A-AE15-024145FD01D0}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{5DBF7A14-C9A5-4660-95AA-4BCB8105EF65}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{65BDDA06-C361-4C73-8A2C-9E3CD8F821AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7154374E-4021-40E4-BD4C-FDD63BAE8888}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{762CD30F-C142-4DDA-B1F8-DC9DE5FE6125}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{8071697D-4D42-4465-BE64-9603B011952A}" = protocol=6 | dir=in | app=c:\users\christina\appdata\local\akamai\netsession_win.exe | 
"{9018F952-71B5-44FB-9380-847382A84550}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{AFA4B85E-D2D0-4BF9-931B-5471B3549824}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B87A60B6-B488-4C69-A543-6D46219C35D9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B8C49885-5C0C-4AE6-9F5B-FB88078BEA24}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BFFCD393-DAF0-4589-90D8-E1AD3A39D51B}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{C27C0178-6FDA-4981-88D4-1DAA3DA406BD}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{C8F6B0F7-0066-4515-9778-29563F34290F}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{CA96D21F-7E1B-4A8A-9EEB-C5D8D71DE6E1}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{DEE3AD84-FB4D-4F70-AF1C-736535ED42CE}" = protocol=17 | dir=in | app=c:\users\christina\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{C1718CF1-BB8A-45BD-AAE1-703518AF305D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{DEE8139B-1D5B-4B9C-99F7-3E14BFF85119}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.5200
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13D4E8DC-133D-01D1-5B39-1CA0A04A1BAC}" = CCC Help Swedish
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1B74B7FE-F48C-C53A-3DF0-DD645D7C7A98}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B746817-AE32-1B48-FEBF-8C58EA7CC90D}" = Catalyst Control Center Graphics Light
"{2EABCBCF-BA96-B14E-E599-E5C3B09F199C}" = CCC Help Chinese Standard
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{39C8DC90-E6D7-102D-45CC-168375A1E1B4}" = Skins
"{3AB5DD1D-CCE2-B414-DF30-EA8B06765DDA}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{47788A72-C22E-93C9-C39F-CD4611F6908B}" = CCC Help Portuguese
"{478AC85C-4005-A432-B226-A5F162CC44CA}" = CCC Help Dutch
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52F791A0-65BC-F6FE-51F4-F4D842046470}" = CCC Help Polish
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5B869C20-69B9-23A1-E26D-F7FE65DC8A5F}" = CCC Help Norwegian
"{5DB307AA-342B-6559-0ABC-66CFF8A0718D}" = ATI Catalyst Install Manager
"{5F6CFC97-FDC7-7508-3F69-9D0A124F90F9}" = CCC Help Korean
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65f8d71c-5a33-42fd-b68e-592166f64a33}" = Nero 9 Trial
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6909B21A-53E1-8E2C-48A5-EF51150511A2}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F72DD-2465-43A2-A137-8A849399B7A8}" = REALTEK Wireless LAN Software
"{6BD427C0-7280-5FEA-DC20-49A1F6B79E99}" = CCC Help Hungarian
"{6BD56B1C-71E3-411E-8B45-8A73EE81C42F}" = DSL Connection Manager
"{6ED6001C-E210-F43C-6B3D-4868D9623958}" = CCC Help Russian
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE01AB5-FA68-A244-5C21-FD7E6108A3E9}" = Catalyst Control Center Core Implementation
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D7CF9C-D5ED-94BE-A8DF-2F1B137E76F6}" = CCC Help Spanish
"{9582ED80-CB4D-4350-BBB9-34CDBA20EED0}" = Steuer-Taxi 2010
"{95906FF5-1334-EE12-3A20-1436232CDBD8}" = Catalyst Control Center Graphics Previews Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9EBAA305-5440-458D-CC44-5C1F63BAD0D3}" = CCC Help Italian
"{9FD62A56-525D-AF10-E1A6-DED280796F87}" = Catalyst Control Center InstallProxy
"{A12D7348-8355-897B-27D2-5E7B77E2159F}" = CCC Help Thai
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AB1E3BDA-49AF-8BA1-5B07-F62DE4406186}" = Catalyst Control Center Graphics Full Existing
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B35E35FE-6765-E26C-CE2D-051980D7884F}" = CCC Help Japanese
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD66A5BE-2005-C284-27CB-5E14E55CE33D}" = CCC Help Czech
"{BDC9AC5A-7AD9-44E3-9B7D-2B14B1E5C418}" = StarMoney 8.0 
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C1180B72-5B5A-0369-9818-7DAE5B66F569}" = CCC Help Danish
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C9563A70-8FB7-56D2-7EF2-FE118FB0498D}" = CCC Help Finnish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAAF141-289E-4E28-85CF-4C07C9FAA3D8}" = SteuerSoftware2009
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi-Software
"{D5678F71-569F-CC39-4021-C7BA85FDBB59}" = Catalyst Control Center Graphics Full New
"{d5d239df-520d-4aa6-8faf-2ccb8edb0087}" = Nero 9
"{D7F4DAAB-601C-3666-F6EC-146286677E51}" = CCC Help English
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EDABA012-4D89-1F0B-D1AF-64AEBAE7E555}" = ccc-utility
"{EEC5221E-3227-50CF-9F68-20099F922232}" = CCC Help Chinese Traditional
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F12E1200-A966-531D-1728-89B01265455F}" = CCC Help Greek
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7A5C2BD-DCBC-E537-24A3-FC3175278AE4}" = Catalyst Control Center Localization All
"{FA91548A-169B-2589-951F-E6BCEEC01B50}" = ccc-core-static
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEC19789-7756-17C3-765B-C532E09322D7}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"dm Digi Foto" = dm Digi Foto
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVD Shrink_is1" = DVD Shrink 3.2
"EF Englishtown Advanced Speech Recognition_is1" = EF Englishtown Advanced Speech Recognition Version 4.3.0.0
"FKC22153088_is1" = fotokasten comfort
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hospital" = Theme Hospital
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Jumpin’ Jack" = Jumpin’ Jack
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MPEG2 Video Encoder_is1" = DATA BECKER MPEG2 Video Encoder
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Video-Stream-Recorder_is1" = DATA BECKER Video-Stream-Recorder
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2011 13:13:54 | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.06.2011 01:08:14 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.06.2011 01:08:14 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.06.2011 01:09:26 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2011 13:19:46 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.06.2011 13:19:46 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.06.2011 13:21:04 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2011 02:20:56 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.06.2011 02:20:56 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.06.2011 02:22:10 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 20.12.2010 10:36:31 | Computer Name = Home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 522 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.12.2011 15:30:56 | Computer Name = Home | Source = DCOM | ID = 10005
Description = 
 
Error - 27.12.2011 15:31:03 | Computer Name = Home | Source = DCOM | ID = 10005
Description = 
 
Error - 27.12.2011 15:31:43 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.12.2011 15:31:43 | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.12.2011 15:50:29 | Computer Name = Home | Source = DCOM | ID = 10005
Description = 
 
Error - 27.12.2011 16:06:55 | Computer Name = Home | Source = DCOM | ID = 10005
Description = 
 
Error - 27.12.2011 16:07:02 | Computer Name = Home | Source = DCOM | ID = 10005
Description = 
 
Error - 27.12.2011 16:07:10 | Computer Name = Home | Source = DCOM | ID = 10005
Description = 
 
Error - 27.12.2011 16:07:42 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.12.2011 16:07:42 | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

I would be very grateful for help.... THANKS!
__________________


Alt 10.01.2012, 10:39   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
Please upgrade Malwarebytes to version 1.6.x. Then update the database.
Then repeat the full scan.
__________________

Alt 10.01.2012, 20:41   #4
CDD
 



Here is the log file again with the new version. Should I now run OTL again as well?

Quote:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Christina :: HOME [limited]

Protection: Disabled

10.01.2012 20:33:23
mbam-log-2012-01-10 (20-33-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 160384
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 10.01.2012, 21:32   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do that and post the log!
Remember to update the Malwarebytes signatures beforehand; there are new updates very frequently!

Quote:
Christina :: HOME [limited]
And Malwarebytes without admin rights is pretty pointless! We need admin rights for every tool!

__________________
Please always post log files in CODE tags

11.01.2012, 22:26   #6
CDD

OK, I hope everything is right now.... Strangely, Malwarebytes finds no infected files, but Avira keeps showing me malware while Malwarebytes is running, and different items on every run....

Quote:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chrissi :: HOME [Administrator]

Schutz: Aktiviert

11.01.2012 19:07:10
mbam-log-2012-01-11 (19-07-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373844
Laufzeit: 2 Stunde(n), 20 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

12.01.2012, 16:53   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET as well, then we will see where to go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags
