Plagegeister aller Art und deren Bekämpfung: ICQ picture virus

08.06.2010, 20:06   #1
Wombat44
 
ICQ picture virus

Good evening,

When I logged in to ICQ earlier, the computer automatically sent out a lot of messages along the lines of "what do you think of this picture?". I then learned from my brother that he had clicked on such a link.
I have now cleaned the system with CCleaner, run an Avira scan (1 detection: 'JAVA/Dldr.Agent.D' [virus], quarantined and then deleted), and run a quick scan with MAB; a full scan will follow tomorrow. No infections. And I uninstalled ICQ.
-> It is still sending messages; I don't want to log in any more, so that my friends don't all click on it as well.
-> I have now run RSIT (the attachment would be too large -> code)
I hope some kind person will take a look at this and that the virus gets removed.

info.txt (RSIT logfile):
Code:
logfile of random's system information tool 1.06 2010-06-08 20:33:19

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\IsUninst.exe -f"C:\Program Files\Total War\Medieval  - Total War (Demo Version)\Uninst.isu"
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
3D TippTrainer-->"C:\Program Files\Franzis\3D TippTrainer\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCrypt Rescue-Master 2008 Version 1.0.6.1293-->"F:\Rescue Master 2008\unins000.exe"
ArcSoft PhotoStudio Suite v2.0-->C:\Windows\IsUn0407.exe -f"C:\Program Files\ArcSoft\PhotoStudio Suite\Uninst.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brain Workshop 4.12-->"C:\Program Files\Brain Workshop\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE   /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG  
Eisenbahn.exe Professional 2.43 Premium-->C:\PROGRA~1\Trend\EEP243\Unwise.exe /U C:\PROGRA~1\Trend\EEP243\install.log
Favorit-->c:\users\mühlhauser\appdata\local\ykuykyw.bat
FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Finale Allegro 2007 Demo-->C:\Program Files\Finale Allegro 2007 Demo\uninstallAllegro.exe
Forte Free 2.0-->C:\Program Files\Lugert Verlag\Forte Free\Unwise32.EXE C:\PROGRA~1\LUGERT~1\FORTEF~1\Install.LOG
Free Studio version 4.3-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free Video to Flash Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
Free Video to Mp3 Converter version 2.9-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FujiFilm iX-1 Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64F38F19-7E12-4364-B00D-508EE72BE34D}\setup.exe" 
FujiFilm iX-1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59A97880-A591-447B-879A-F27D75DD79A5}\Setup.exe" 
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GNU Solfege 3.16.0-->"C:\Program Files\GNU Solfege\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GraphCalc v4.0.1-->"C:\Program Files\GraphCalc\unins000.exe"
Haufe iDesk-Browser-->MsiExec.exe /X{F48AAE0F-52F4-11DD-B1F7-0050560400B1}
Haufe iDesk-Service-->MsiExec.exe /X{D5C8E140-6E6F-11DD-9AA9-0050560400B1}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
Indeo® software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Internet Explorer Developer Toolbar-->MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
IObitCom Toolbar-->C:\PROGRA~1\IObitCom\UNWISE.EXE   /U C:\PROGRA~1\IObitCom\INSTALL.LOG  
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexware buchhalter 2008-->C:\Program Files\InstallShield Installation Information\{E98371BD-6C0D-463E-B004-E6303F9A34A7}\setup.exe -runfromtemp -l0x0007 -removeonly
Lexware buchhalter Servicepack 2008, Version 13.50-->C:\Program Files\InstallShield Installation Information\{FF1B3317-EADD-4AC3-BE54-37265FC9A133}\setup.exe -runfromtemp -l0x0007 -removeonly
Lexware Info Service-->MsiExec.exe /X{59624372-3B85-47f4-9B04-4911E551DF1E}
Lexware reisekosten 2008-->C:\Program Files\InstallShield Installation Information\{8CE37484-B5C2-497E-8501-D339F1D828CC}\Setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MEDIONbox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27FDF949-69CE-435A-8372-339F72336AC5}\setup.exe" -l0x7  -removeonly
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Encarta 99 Enzyklopädie-->RunDll32 C:\PROGRA~1\MICROS~4\ENCART~1\UNENC99.DLL,Uninstall  C:\PROGRA~1\MICROS~4\ENCART~1\SETUP99D\INST99D.LOG
Microsoft Mathe 3.0-->MsiExec.exe /I{07103848-8EBE-4287-85D8-8EC76D88B906}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891031}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Optical Mousemate V1.0-->C:\PROGRA~1\OPTICA~1\UNINSTAL.EXE
Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickSteuer Deluxe 2008-->C:\Program Files\InstallShield Installation Information\{A9358EEE-34F1-4553-9382-7914D6A4B42C}\Setup.exe -runfromtemp -l0x0007 -removeonly
QuickSteuer Deluxe 2009-->C:\Program Files\InstallShield Installation Information\{89863727-B08E-401F-995B-14398B28DE3D}\Setup.exe -runfromtemp -l0x0007 -removeonly
QuickSteuer Deluxe 2010-->MsiExec.exe /X{DEE03A90-C723-4E3D-A661-86651D6F0668}
QuickSteuer DELUXE Wissens-Center 2008-->MsiExec.exe /X{07B64A55-B552-4F34-A904-DBFD810B752B}
QuickSteuer DELUXE Wissens-Center 2009-->MsiExec.exe /X{353EA50E-26A0-4ADD-A12A-3FE2E59E5BB3}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rome - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x7  -removeonly
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0007 -removeonly
Schnell Schreiben 3.4.4-->"C:\Program Files\AB-Tools.com\Schnell Schreiben\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.2.4-->C:\Program Files\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
StarOffice 8 Product Update 11-->MsiExec.exe /X{3D15064D-4371-4FCC-B9E6-F79D6CBFDDD4}
StarOffice 8-->MsiExec.exe /I{87E01B1B-92A0-416F-9F8E-9BE921A05F9F}
Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\Setup.exe" 
System Explorer 1.5-->"C:\Program Files\System Explorer\unins000.exe"
T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.5.0.1-->C:\Program Files\TVUPlayer\uninst.exe
UEFA 2008 (en) Screen Saver-->C:\Windows\system32\UEFA 2008 (en).scr /u
Uniblue ProcessScanner-->"C:\Program Files\Uniblue\ProcessScanner\unins000.exe"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Video Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BF20AC5-767D-4FCA-B7DF-6EEDA2937BED}\setup.exe" 
Windows Live ID-Anmelde-Assistent-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Worms 3D-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7C25968-B418-4529-A389-E5DFCE792917}\setup.exe" -l0x7 

======Security center information======

AS: Windows-Defender (disabled)

======System event log======

Computer Name: XXX-PC
Event Code: 4374
Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist.
Record Number: 482680
Source Name: Microsoft-Windows-Servicing
Time Written: 20100224123140.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX-PC
Event Code: 4374
Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist.
Record Number: 482679
Source Name: Microsoft-Windows-Servicing
Time Written: 20100224123140.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX-PC
Event Code: 4374
Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist.
Record Number: 482678
Source Name: Microsoft-Windows-Servicing
Time Written: 20100224123140.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX-PC
Event Code: 4374
Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist.
Record Number: 482677
Source Name: Microsoft-Windows-Servicing
Time Written: 20100224123140.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB979306(Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.
Record Number: 482676
Source Name: Microsoft-Windows-Servicing
Time Written: 20100224123139.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: XXX-PC
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 87739
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090719171604.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 0
Message: 
Record Number: 87738
Source Name: gusvc
Time Written: 20090719171536.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 87737
Source Name: SecurityCenter
Time Written: 20090719171436.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 0
Message: 
Record Number: 87736
Source Name: gusvc
Time Written: 20090719171435.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 0
Message: 
Record Number: 87735
Source Name: hpqddsvc
Time Written: 20090719171236.000000-000
Event Type: Informationen
User:
         
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by XXX at 2010-06-08 20:39:41
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 279 GB (85%) free of 328 GB
Total RAM: 1919 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:39:49, on 08.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Gnab\Service\GnabTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Public\winscdvn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Users\Mühlhauser\Downloads\RSIT.exe
C:\Program Files\trend micro\XXX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = xttp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xttp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xttp://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = xttp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = xttp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xttp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SystemExplorer] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - xttp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - xttp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - xttp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - xttp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F025EAFD-A26D-4098-A476-9699D0CA24BB}: NameServer = 192.168.2.1
O18 - Protocol: haufereader - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 11336 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002UA.job
C:\Windows\tasks\NSSstub.job
C:\Windows\tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job
C:\Windows\tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-02-09 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
IObitCom Toolbar - C:\Program Files\IObitCom\tbIObi.dll [2009-10-01 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}]
PHPNukeDE Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{c9508125-4747-4733-b048-e4b82dc9716d} -  []
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"GnabTray"=C:\Program Files\Common Files\Gnab\Service\GnabTray.exe [2007-04-13 327680]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-09 198160]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-03-05 1135912]
"LexwareInfoService"=C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03 339240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"SystemExplorer"=C:\Program Files\System Explorer\SystemExplorer.exe [2008-08-25 1833472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-07 68856]
"Windows Firewall Updates"=C:\Users\Public\winscdvn.exe [2010-06-08 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5060ceea-8ad6-11dc-944e-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-08 20:33:09 ----D---- C:\rsit
2010-06-08 20:15:41 ----A---- C:\Windows\isRS-000.tmp
2010-06-08 20:10:23 ----D---- C:\Program Files\CCleaner
2010-05-27 12:19:02 ----A---- C:\Windows\system32\_TraceLog.txt
2010-05-26 16:13:38 ----A---- C:\Windows\system32\tzres.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\zvkonline80VC8.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\PXTTool80VC8.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\LxXtreme70VC8.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\LxUISettings20Native.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\LXTPSW20VC8.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\LXTool80VC8.dll
2010-05-21 10:37:36 ----A---- C:\Windows\system32\lxter20VC8.dll
2010-05-21 10:37:34 ----A---- C:\Windows\system32\LxMail30VC8.dll
2010-05-21 10:37:34 ----A---- C:\Windows\system32\LxImport80VC8.dll
2010-05-21 10:37:34 ----A---- C:\Windows\system32\LXDasi80VC8.dll
2010-05-21 10:37:34 ----A---- C:\Windows\system32\LXBtr80VC8.dll
2010-05-21 10:37:34 ----A---- C:\Windows\system32\LxBasics80VC8.dll
2010-05-12 14:06:55 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-09 13:30:37 ----D---- C:\Program Files\ICQ7.0
2010-05-09 13:26:05 ----D---- C:\Program Files\ICQ6Toolbar

======List of files/folders modified in the last 1 months======

2010-06-08 20:39:48 ----D---- C:\Windows\Temp
2010-06-08 20:39:48 ----D---- C:\Program Files\Trend Micro
2010-06-08 20:39:23 ----D---- C:\Windows\Prefetch
2010-06-08 20:25:04 ----D---- C:\Windows
2010-06-08 20:23:53 ----RD---- C:\Program Files
2010-06-08 20:22:25 ----D---- C:\Windows\System32
2010-06-08 20:22:25 ----D---- C:\Windows\inf
2010-06-08 20:22:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-08 20:21:06 ----D---- C:\Windows\Tasks
2010-06-08 20:17:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-08 20:15:38 ----D---- C:\Windows\system32\drivers
2010-06-08 20:11:28 ----D---- C:\Windows\Debug
2010-06-08 20:05:09 ----D---- C:\Users\Mühlhauser\AppData\Roaming\mIRC
2010-06-08 19:55:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-08 18:28:07 ----D---- C:\Users\Mühlhauser\AppData\Roaming\StarOffice8
2010-06-08 16:04:30 ----D---- C:\ProgramData\Google Updater
2010-06-04 16:42:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 15:32:48 ----D---- C:\Users\Mühlhauser\AppData\Roaming\FileZilla
2010-06-04 12:38:15 ----SHD---- C:\Windows\Installer
2010-06-04 12:38:15 ----SD---- C:\ProgramData\Microsoft
2010-06-04 12:38:15 ----HD---- C:\Config.Msi
2010-06-03 17:37:08 ----D---- C:\Users\XXX\AppData\Roaming\Skype
2010-06-02 15:12:26 ----D---- C:\Windows\system32\catroot2
2010-06-02 14:28:47 ----D---- C:\Users\Mühlhauser\AppData\Roaming\gtk-2.0
2010-05-29 13:01:50 ----D---- C:\Program Files\Common Files\microsoft shared
2010-05-29 13:01:43 ----D---- C:\Program Files\Microsoft
2010-05-26 20:12:05 ----D---- C:\Windows\rescache
2010-05-26 17:30:50 ----D---- C:\Windows\winsxs
2010-05-26 17:30:50 ----D---- C:\Windows\system32\de-DE
2010-05-26 17:30:37 ----D---- C:\Program Files\Internet Explorer
2010-05-26 16:13:15 ----D---- C:\Windows\system32\catroot
2010-05-22 11:47:01 ----D---- C:\Program Files\Google
2010-05-12 14:54:44 ----D---- C:\Program Files\Windows Mail
2010-05-12 14:54:35 ----D---- C:\ProgramData\Microsoft Help
2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-11 15:05:45 ----D---- C:\Users\XXX\AppData\Roaming\Image Zone Express
2010-05-09 13:26:03 ----D---- C:\ProgramData\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-10 2377728]
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
S3 nsysaudm;nsysaudm; \??\C:\Users\MHLHAU~1\AppData\Local\Temp\nsysaudm.sys []
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2007-05-14 135400]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-10 565248]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 GnabService;GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-21 29744]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
         
--- --- ---

08.06.2010, 20:10   #2
markusg
/// Malware-holic
 

You and your brother have malware on the PC and are sending it out; let your contacts know. Everyone who opened it should start a thread here.
Can you send me, as a private message (PM), the links that you are sending out, so that the files can be submitted to the antivirus vendors?
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Run Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both; if they are too large, split them up.
__________________


08.06.2010, 20:47   #3
Wombat44
 

Here are the codes:

Code:
OTL Extras logfile created on: 08.06.2010 21:14:33 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 320,70 Gb Total Space | 272,78 Gb Free Space | 85,06% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 9,11 Gb Free Space | 62,26% Space Free | Partition Type: FAT32
Drive E: | 345,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: X-PC
Current User Name: X
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27273F32-E467-4522-8C99-E12B4D225D07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{277A6FD6-FBAC-4D31-8D5A-77D3ADCFFA49}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{41FB33FC-E264-4911-876E-C775B1A2A322}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4B381F08-39A9-49C9-9FE3-DC80F745B199}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{999EAE65-B3BF-4CE3-9CA2-9D8FA0DDF0E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AD76C061-8BA8-499C-9F44-0E89C61E40E9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{DEBDC2A7-CB2D-416E-BB2D-EA9A81091631}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9BD40E0-E7C2-4642-8EFA-52968737E1F8}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{FF1EA31C-BF89-40A9-A868-7434179FE107}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{025BA538-8A1A-4C08-866C-4712479D9FA6}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{13484E25-12AE-4D0D-8286-57BF9FE3DD86}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{1D08EFE7-DF61-471C-A932-A6A37EB5A7B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{39852FF7-30D0-4CDB-86FB-1B6710C0ABFF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{3B8A0C1A-96F7-440D-A2F1-66E8307FF664}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{4EF444C9-0399-433F-A0EA-E24943750FBE}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{5E33B1F5-1415-4342-938E-ED4034797EB0}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"TCP Query User{5EBB1251-C2BD-4998-8DC5-ACD217C80361}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
"TCP Query User{6381A72E-62C9-46E2-B45F-C287841DFB9E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{69C9826E-0D43-43F0-AAF9-1CCB0EE9C8B0}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{72C3B1AA-22B4-43B7-9FF5-2FF46E4E0B67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{76103346-6925-4DFD-AF12-803173040202}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{7F0073FF-D8BF-491D-AF68-FF5EA4B28133}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{86EA05C3-1FE6-4F03-BBA4-3BA392C722A2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{98FE55E7-C39E-4836-BB1F-2DA20BBB8419}C:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{A97A1D4D-4B33-4650-9B31-18AA87B68C7C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{C132CC23-71D3-4CBF-9607-C5796A224E58}C:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe | 
"TCP Query User{ED2605F7-20F1-4EE6-9E7E-FDF81635C289}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{FA7406E5-53E2-4CC7-A15F-C51D72BFCE64}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{0EF05432-BA19-41A5-9BB7-FEBEA681A0C0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{2B238D11-93A9-45D5-8338-7A10A2D93AB8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{3209632E-A944-48E8-94F5-0EA216EDAA44}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{32A15787-7CA7-476A-8934-567DA7FD48B5}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"UDP Query User{3901B10C-1B93-456A-AD0B-495330E42693}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 
"UDP Query User{3A2E2231-22F0-4DD2-B5E1-A43BD3DC95E7}C:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{46E6B26B-A986-4DD8-959F-2063FA6D0D89}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{58706D8A-DDC1-459A-B23B-E115998A7163}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{64EB303D-B0E1-4692-9F13-58E1CB6AFC7A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{6CE5EA06-42E7-44E7-BB5D-0B752665EA3A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{7E9675F3-26AF-4BED-BA9B-35A493D6FD7D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{86284F06-D443-49BD-8CF5-270A84647A05}C:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe | 
"UDP Query User{88DA6D91-2B4B-4E2F-9ED8-873B4EBF85BF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{99B8A0C3-E09F-4225-A2FF-273DAAAAF752}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{A273D04B-13FE-40F3-9DA0-DDD3F1B53E62}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{A361A9C1-F485-4CC6-B141-429DC7D54648}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{B604D7AA-0B67-4C45-B364-5C5FBCE265C3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{BA70D44F-3A77-48FD-8CC6-78EE14B4801A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{BDF20D66-9E98-4998-8DFF-E865467F2BA1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07103848-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Mathe 3.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B64A55-B552-4F34-A904-DBFD810B752B}" = QuickSteuer DELUXE Wissens-Center 2008
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08D864D1-9CAD-7D21-AAB6-4B9E3BC8D1A5}" = ccc-core-static
"{09BC9676-A36C-456C-A86B-AD42FF5ABD8F}" = Steuer Update 14.01
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D738AF1-715D-D5B8-FED5-562FE611F738}" = Catalyst Control Center Localization German
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2949E300-133D-CD51-93DE-0F9A7F9B7047}" = CCC Help German
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C9480C-12EE-34F1-82F5-74FF32B22787}" = ccc-utility
"{353EA50E-26A0-4ADD-A12A-3FE2E59E5BB3}" = QuickSteuer DELUXE Wissens-Center 2009
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BF20AC5-767D-4FCA-B7DF-6EEDA2937BED}" = Video Creator
"{3D15064D-4371-4FCC-B9E6-F79D6CBFDDD4}" = StarOffice 8 Product Update 11
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4315FBC5-9241-E978-EA6B-D7212900F3A7}" = Catalyst Control Center Graphics Full Existing
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59A97880-A591-447B-879A-F27D75DD79A5}" = FujiFilm iX-1
"{5A98F915-3593-4A49-B5F8-C414DCA954AA}" = Steuer Update 14.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F9E4DC9-4BC7-4C7A-96DB-D4471AAE6853}" = Steuer Update 14.01
"{64F38F19-7E12-4364-B00D-508EE72BE34D}" = FujiFilm iX-1 Camera Driver
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7923F6DE-CF0D-40ED-AB5A-A792408EA7B5}" = QuickSteuer Deluxe 2008
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{87E01B1B-92A0-416F-9F8E-9BE921A05F9F}" = StarOffice 8
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89863727-B08E-401F-995B-14398B28DE3D}" = QuickSteuer Deluxe 2009
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE37484-B5C2-497E-8501-D339F1D828CC}" = Lexware reisekosten 2008
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9800F872-AC4A-E014-3CD1-1EBDCAD06805}" = Catalyst Control Center Core Implementation
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C675B46-9998-9DA9-20FC-BAF19F340353}" = Catalyst Control Center Graphics Light
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A40ED506-EF86-48D7-B5F7-FF5F41CF1862}" = QuickSteuer Deluxe 2009
"{A8265601-91E9-4473-92D6-8C7EB2444852}" = Steuer Update 14.01
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9358EEE-34F1-4553-9382-7914D6A4B42C}" = QuickSteuer Deluxe 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1A4CE9C-0D98-43D0-8815-2212F3752063}" = Lexware reisekosten 2008
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D083AB13-EFA7-8D0C-1472-4E0FBAC02549}" = Catalyst Control Center Graphics Full New
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010
"{DF100337-9A0E-52BE-64D8-E4EA7B41E65F}" = Catalyst Control Center Graphics Previews Vista
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7C25968-B418-4529-A389-E5DFCE792917}" = Worms 3D
"{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC127C66-AF7B-D137-9878-B01A8A3ECE9B}" = Skins
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF1B3317-EADD-4AC3-BE54-37265FC9A133}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3D TippTrainer_is1" = 3D TippTrainer
"7-Zip" = 7-Zip 4.57
"ACRM1_is1" = ArchiCrypt Rescue-Master 2008 Version 1.0.6.1293
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ArcSoft PhotoStudio Suite 20" = ArcSoft PhotoStudio Suite v2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Brain Workshop_is1" = Brain Workshop 4.12
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Eisenbahn.exe Professional 2.43 Premium" = Eisenbahn.exe Professional 2.43 Premium
"Encarta99D" = Microsoft Encarta 99 Enzyklopädie
"FileZilla Client" = FileZilla Client 3.3.2.1
"Finale Allegro 2007 Demo" = Finale Allegro 2007 Demo
"Forte Free" = Forte Free 2.0
"Free Studio_is1" = Free Studio version 4.3
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 3.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.9
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
"GNU Solfege_is1" = GNU Solfege 3.16.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Indeo® software" = Indeo® software
"IObitCom Toolbar" = IObitCom Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Picasa 3" = Picasa 3
"ProcessScanner_is1" = Uniblue ProcessScanner
"RealPlayer 12.0" = RealPlayer
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Schnell Schreiben_is1" = Schnell Schreiben 3.4.4
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.2.4
"System Explorer_is1" = System Explorer 1.5
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.0.1
"UEFA 2008 (en)" = UEFA 2008 (en) Screen Saver
"Uninstall_is1" = Uninstall 1.0.0.0
"WheelMouse" = Optical Mousemate V1.0
"WinGimp-2.0_is1" = GIMP 2.6.7
"ykuykyw" = Favorit
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 11:51:49 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 9.3.2.163, Zeitstempel
 0x4bb82a58, fehlerhaftes Modul Updater.api_unloaded, Version 0.0.0.0, Zeitstempel
 0x4bb80e83, Ausnahmecode 0xc0000005, Fehleroffset 0x6fafd577,  Prozess-ID 0x13e8,
 Anwendungsstartzeit 01cb05902549e77c.
 
Error - 06.06.2010 11:51:55 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 9.3.2.163, Zeitstempel
 0x4bb82a58, fehlerhaftes Modul Updater.api_unloaded, Version 0.0.0.0, Zeitstempel
 0x4bb80e83, Ausnahmecode 0xc0000005, Fehleroffset 0x6faea232,  Prozess-ID 0x13e8,
 Anwendungsstartzeit 01cb05902549e77c.
 
Error - 07.06.2010 10:42:47 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 07.06.2010 16:25:35 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.06.2010 10:04:37 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.06.2010 11:41:06 | Computer Name = X-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1108  Anfangszeit: 01cb071f709cd98d  Zeitpunkt der Beendigung:
 0
 
Error - 08.06.2010 11:54:38 | Computer Name = X-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 13a0  Anfangszeit: 01cb072105abeb0d  Zeitpunkt der Beendigung:
 17
 
Error - 08.06.2010 12:05:06 | Computer Name = X-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 08.06.2010 13:25:26 | Computer Name = X-PC | Source = VSS | ID = 12289
Description = 
 
Error - 08.06.2010 14:39:22 | Computer Name = X-PC | Source = Application Hang | ID = 1002
Description = Programm RSIT.exe, Version 3.3.6.1 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: d88  Anfangszeit: 01cb07390a26cfda  Zeitpunkt der Beendigung:
 2
 
[ OSession Events ]
Error - 30.05.2010 11:41:44 | Computer Name = X-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10736
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.06.2010 12:20:24 | Computer Name = X-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.06.2010 um 18:19:18 unerwartet heruntergefahren.
 
Error - 08.06.2010 12:20:13 | Computer Name = X-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 08.06.2010 12:20:13 | Computer Name = X-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 08.06.2010 12:20:18 | Computer Name = X-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 08.06.2010 12:22:38 | Computer Name = X-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.06.2010 14:17:04 | Computer Name = X-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 08.06.2010 14:17:04 | Computer Name = X-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 08.06.2010 14:17:09 | Computer Name = X-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 08.06.2010 14:19:00 | Computer Name = X-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.06.2010 14:22:10 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         

08.06.2010, 20:47   #4
Wombat44

ICQ image virus

Code:
OTL logfile created on: 08.06.2010 21:14:33 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 320,70 Gb Total Space | 272,78 Gb Free Space | 85,06% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 9,11 Gb Free Space | 62,26% Space Free | Partition Type: FAT32
Drive E: | 345,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-PC
Current User Name: Mühlhauser
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\winscdvn.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Programme\System Explorer\SystemExplorer.exe (Mister Group)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) --  File not found
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {71bfcce7-421d-4042-95d4-a585a821cbca}:2.3.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: foxgame2@foxgame.org:2.0 Beta
FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100529
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.07 23:35:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 14:55:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.29 16:46:02 | 000,000,000 | ---D | M]
 
[2008.09.19 23:28:50 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Extensions
[2010.06.08 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions
[2010.04.28 15:02:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.31 20:12:51 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010.04.09 14:33:46 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010.04.07 23:46:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.07 23:46:30 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
[2010.05.23 16:38:32 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.06.07 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2010.05.28 22:23:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.09 13:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.15 16:23:11 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009.08.15 16:13:48 | 000,000,000 | ---D | M] (Green Bay Packers Theme) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{84e5f4d0-7e2b-11de-8a39-0800200c9a66}
[2010.04.30 19:59:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.21 14:45:23 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010.05.26 16:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.04.09 14:33:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.13 19:18:24 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.11 23:11:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.05.12 13:59:05 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxe@Triton
[2010.05.12 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxHelper@Triton
[2009.12.09 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\firefox@tvunetworks.com
[2010.06.07 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\foxgame2@foxgame.org
[2010.05.31 18:57:50 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\nasanightlaunch@example.com
[2010.04.07 23:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions
[2009.08.15 16:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{84e5f4d0-7e2b-11de-8a39-0800200c9a66}\chrome\global\aero\mozapps\extensions
[2009.08.15 16:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{84e5f4d0-7e2b-11de-8a39-0800200c9a66}\chrome\mozapps\extensions
[2010.03.13 20:48:13 | 000,000,873 | ---- | M] () -- C:\Users\X\AppData\Roaming\Mozilla\FireFox\Profiles\03ib11ez.default\searchplugins\conduit.xml
[2010.06.02 19:31:18 | 000,000,944 | ---- | M] () -- C:\Users\X\AppData\Roaming\Mozilla\FireFox\Profiles\03ib11ez.default\searchplugins\icqplugin.xml
[2009.12.07 18:52:40 | 000,002,108 | ---- | M] () -- C:\Users\X\AppData\Roaming\Mozilla\FireFox\Profiles\03ib11ez.default\searchplugins\qtl.xml
[2010.04.29 16:46:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 18:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.01.18 14:34:12 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2010.04.29 16:46:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.03.07 23:35:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.21 20:31:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.21 20:31:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.10.21 14:19:29 | 000,000,686 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2008.10.21 14:19:29 | 000,000,531 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src
[2010.01.21 20:31:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.21 20:31:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.21 20:31:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [SystemExplorer] C:\Program Files\System Explorer\SystemExplorer.exe (Mister Group)
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe ()
O4 - Startup: C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2008.12.07 18:58:17 | 000,000,000 | -H-D | M]
O7 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} xttp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} xttp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} xttp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} xttp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} xttp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} xttp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\X\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mühlhauser\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 13:08:00 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005.04.28 16:15:50 | 000,006,972 | R--- | M] () - E:\AUTORUN.JMP -- [ CDFS ]
O33 - MountPoints2\{5060ceea-8ad6-11dc-944e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5060ceea-8ad6-11dc-944e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2007.11.21 13:13:00 | 032,234,283 | R--- | M] (Franzis Verlag GmbH                                         )
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.05.30 14:45:36 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 6.0.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {08D864D1-9CAD-7D21-AAB6-4B9E3BC8D1A5} /qb
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.08 20:33:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.08 20:10:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.26 16:13:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.21 10:37:36 | 004,661,248 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme70VC8.dll
[2010.05.21 10:37:36 | 001,347,584 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTool80VC8.dll
[2010.05.21 10:37:36 | 000,716,800 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\lxter20VC8.dll
[2010.05.21 10:37:36 | 000,557,056 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\zvkonline80VC8.dll
[2010.05.21 10:37:36 | 000,110,592 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettings20Native.dll
[2010.05.21 10:37:36 | 000,069,632 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\PXTTool80VC8.dll
[2010.05.21 10:37:36 | 000,027,648 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTPSW20VC8.dll
[2010.05.21 10:37:34 | 000,323,584 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxImport80VC8.dll
[2010.05.21 10:37:34 | 000,299,008 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXBtr80VC8.dll
[2010.05.21 10:37:34 | 000,225,280 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics80VC8.dll
[2010.05.21 10:37:34 | 000,192,512 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXDasi80VC8.dll
[2010.05.21 10:37:34 | 000,135,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail30VC8.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.08 21:16:02 | 006,029,312 | -HS- | M] () -- C:\Users\X\NTUSER.DAT
[2010.06.08 21:15:06 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job
[2010.06.08 21:14:59 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job
[2010.06.08 21:05:03 | 000,029,564 | ---- | M] () -- C:\Users\X\AppData\Roaming\wklnhst.dat
[2010.06.08 20:51:13 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002UA.job
[2010.06.08 20:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.08 20:37:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.08 20:37:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.08 20:22:25 | 001,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.08 20:22:25 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.08 20:22:25 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.08 20:22:25 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.08 20:22:25 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.08 20:21:06 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.06.08 20:17:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.08 20:17:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.08 20:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.08 20:17:10 | 2010,611,712 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.08 20:16:05 | 000,524,288 | -HS- | M] () -- C:\Users\X\NTUSER.DAT{cc1e9aa3-73a1-11de-8537-001d9202aad5}.TMContainer00000000000000000002.regtrans-ms
[2010.06.08 20:16:05 | 000,065,536 | -HS- | M] () -- C:\Users\X\NTUSER.DAT{cc1e9aa3-73a1-11de-8537-001d9202aad5}.TM.blf
[2010.06.08 20:16:02 | 003,102,259 | -H-- | M] () -- C:\Users\XAppData\Local\IconCache.db
[2010.06.08 19:55:44 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.lnk
[2010.06.08 18:51:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002Core.job
[2010.06.08 17:58:15 | 000,219,136 | ---- | M] () -- C:\Users\X\AppData\Roaming\chrtmp
[2010.06.02 14:28:47 | 000,018,258 | ---- | M] () -- C:\Users\X\.recently-used.xbel
[2010.05.22 11:47:40 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.21 10:37:36 | 004,661,248 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme70VC8.dll
[2010.05.21 10:37:36 | 001,347,584 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTool80VC8.dll
[2010.05.21 10:37:36 | 000,716,800 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\lxter20VC8.dll
[2010.05.21 10:37:36 | 000,557,056 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\zvkonline80VC8.dll
[2010.05.21 10:37:36 | 000,110,592 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettings20Native.dll
[2010.05.21 10:37:36 | 000,069,632 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\PXTTool80VC8.dll
[2010.05.21 10:37:36 | 000,027,648 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTPSW20VC8.dll
[2010.05.21 10:37:34 | 000,323,584 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxImport80VC8.dll
[2010.05.21 10:37:34 | 000,299,008 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXBtr80VC8.dll
[2010.05.21 10:37:34 | 000,225,280 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics80VC8.dll
[2010.05.21 10:37:34 | 000,192,512 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXDasi80VC8.dll
[2010.05.21 10:37:34 | 000,135,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail30VC8.dll
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.11 23:35:40 | 009,224,849 | ---- | M] () -- C:\Users\X\Documents\Russland folie.odt
[2010.05.11 23:17:40 | 000,071,168 | ---- | M] () -- C:\Users\X\Documents\Franken Fragebogen.doc
[2010.05.11 18:26:00 | 000,028,528 | ---- | M] () -- C:\Users\X\Documents\Referat Sozi Russland.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.08 19:55:44 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.lnk
[2010.06.08 18:12:20 | 2010,611,712 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.08 17:29:36 | 000,219,136 | ---- | C] () -- C:\Users\X\AppData\Roaming\chrtmp
[2010.06.02 14:28:47 | 000,018,258 | ---- | C] () -- C:\Users\X\.recently-used.xbel
[2010.05.22 11:47:40 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.11 23:35:36 | 009,224,849 | ---- | C] () -- C:\Users\X\Documents\Russland folie.odt
[2010.05.11 23:14:52 | 000,071,168 | ---- | C] () -- C:\Users\X\Documents\Franken Fragebogen.doc
[2010.05.11 15:52:04 | 000,028,528 | ---- | C] () -- C:\Users\X\Documents\Referat Sozi Russland.odt
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.15 14:34:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.01 15:48:39 | 000,000,020 | ---- | C] () -- C:\Windows\TTN.INI
[2009.07.01 14:45:10 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009.06.13 13:35:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.03 21:12:23 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.11.15 15:47:18 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.11.15 15:47:18 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.11.15 15:47:18 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.11.15 15:35:05 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.11.04 22:59:01 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.07.23 16:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll
[2008.03.15 13:03:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.03.13 17:22:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.23 16:43:58 | 000,001,147 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.02.23 16:43:58 | 000,000,417 | ---- | C] () -- C:\Windows\fantasy2.ini
[2008.02.23 16:43:58 | 000,000,300 | ---- | C] () -- C:\Windows\photoprn.ini
[2008.02.23 16:43:58 | 000,000,251 | ---- | C] () -- C:\Windows\pmontage.ini
[2008.02.23 16:43:58 | 000,000,139 | ---- | C] () -- C:\Windows\pstudio.ini
[2008.02.23 16:43:48 | 000,000,021 | ---- | C] () -- C:\Windows\PS_SUITE.INI
[2008.01.16 21:20:33 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.01.16 21:20:33 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2007.11.13 09:39:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2007.09.21 09:00:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
[2000.11.29 05:47:50 | 000,000,460 | ---- | C] () -- C:\Windows\SCROLL.INI
 
========== LOP Check ==========
 
[2009.06.11 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ICQ
[2008.11.22 19:57:11 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Lexware
[2009.02.06 20:37:27 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\T-Online
[2009.01.16 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ArchiCrypt Rescue Master
[2010.06.04 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\FileZilla
[2010.04.02 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\GNU Solfege
[2010.06.02 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\gtk-2.0
[2008.05.12 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Haufe
[2007.12.01 21:20:03 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ICQ Toolbar
[2010.05.11 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Image Zone Express
[2009.12.11 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\IObit
[2008.05.12 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Lexware
[2009.01.23 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PeerNetworking
[2009.10.24 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Printer Info Cache
[2008.11.04 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Samsung
[2010.06.08 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\StarOffice8
[2007.11.17 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\T-Online
[2008.12.31 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\temp
[2007.11.04 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Template
[2009.10.24 19:57:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
[2010.06.08 20:16:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.08 21:15:06 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job
[2010.06.08 21:14:59 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.03.24 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe
[2008.01.20 00:18:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ahead
[2008.11.13 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Apple Computer
[2009.01.16 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ArchiCrypt Rescue Master
[2007.11.04 15:21:20 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ATI
[2010.06.04 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FileZilla
[2010.04.02 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GNU Solfege
[2008.03.21 00:10:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Google
[2010.06.02 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\gtk-2.0
[2008.05.12 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Haufe
[2009.01.04 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HP
[2009.11.23 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HpUpdate
[2007.12.01 21:20:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ICQ Toolbar
[2007.11.04 15:20:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities
[2010.05.11 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Image Zone Express
[2009.07.15 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\InstallShield
[2009.12.11 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\IObit
[2008.05.12 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Lexware
[2007.11.24 17:45:25 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia
[2009.07.11 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs
[2009.06.24 15:08:52 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft
[2010.06.08 20:05:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\mIRC
[2008.09.19 23:28:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla
[2009.01.23 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PeerNetworking
[2009.10.24 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\xr\AppData\Roaming\Printer Info Cache
[2010.02.12 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Real
[2008.11.04 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Samsung
[2007.11.24 13:55:45 | 000,000,000 | RH-D | M] -- C:\Users\x\AppData\Roaming\SecuROM
[2010.06.03 17:37:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Skype
[2009.04.22 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\skypePM
[2010.06.08 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\StarOffice8
[2007.11.17 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\T-Online
[2008.03.07 23:44:42 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Talkback
[2008.12.31 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\temp
[2007.11.04 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Template
[2009.07.15 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\THQ
[2010.02.28 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TVU networks
[2008.01.02 17:04:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.11.04 17:49:36 | 000,635,664 | ---- | M] (IObit) -- C:\Users\x\AppData\Roaming\IObit\Common\TB_Helper.exe
[2009.05.12 20:18:13 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Mühlhauser\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe
[2010.02.28 19:20:47 | 005,514,304 | ---- | M] (TVU networks) -- C:\Users\x\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
[2008.12.14 22:35:52 | 005,241,488 | ---- | M] (TVU networks) -- C:\Users\x\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.1.0.exe
[2009.04.18 20:41:27 | 000,886,910 | ---- | M] (TVU networks) -- C:\Users\x\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.13 22:55:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.13 22:55:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.13 22:55:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.13 22:55:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
         

08.06.2010, 20:59   #5
markusg
/// Malware-holic

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.

:OTL
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
PRC - C:\Users\Public\winscdvn.exe ()
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe ()
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Users\Public\winscdvn.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Now please close all programs.
• Now please click the Run Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.
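
The fix script in the post above lists orphaned BHO/toolbar registrations, a process and a Run entry under C:\Users\Public with an empty company field, and alternate data streams. As an added example (not part of the thread and not OTL's own logic), this Python pass flags the same classes of entries in OTL-style lines. The regular expressions follow the line shapes visible in this thread; the heuristics and the two "Example Corp" lines are assumptions constructed for illustration.

```python
import re

# Path fragments a standard user can usually write to. Treating binaries that
# start from these locations as worth review is a heuristic assumed here.
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Line shapes as they appear in the OTL fix script quoted in this thread.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
PRC = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^()]*)\)$")
ORPHAN = re.compile(
    r"^(?P<kind>O2 - BHO|O3 - \S+): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - .*File not found$")
ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>\S+)$")
SYSTEM_NAME = re.compile(r"\b(windows|microsoft)\b", re.IGNORECASE)


def binary_reasons(path, company):
    """Reasons a file reference deserves a closer look (empty list if none)."""
    reasons = []
    if any(part in path.lower() for part in USER_WRITABLE):
        reasons.append("user-writable path")
    if not company.strip():
        reasons.append("no company name")
    return reasons


def triage(lines):
    """Return (category, subject, reasons) tuples for lines worth reviewing."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RUN.match(line):
            reasons = binary_reasons(m["path"], m["company"])
            # A value name that sounds like an OS component but is not
            # published by Microsoft is a common masquerading pattern.
            if SYSTEM_NAME.search(m["name"]) and "microsoft" not in m["company"].lower():
                reasons.append("system-sounding value name")
            if reasons:
                findings.append(("autorun", m["path"], reasons))
        elif m := PRC.match(line):
            reasons = binary_reasons(m["path"], m["company"])
            if reasons:
                findings.append(("process", m["path"], reasons))
        elif m := ORPHAN.match(line):
            findings.append(("orphaned-registration", m["clsid"],
                             [f"{m['name']}: registered file is missing"]))
        elif m := ADS.match(line):
            findings.append(("ads", f"{m['host']}:{m['stream']}",
                             [f"{m['size']}-byte named stream"]))
    return findings


# The first four lines are taken from the fix script in this thread; the two
# "Example Corp" lines are constructed benign entries for contrast.
SAMPLE = r"""
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
PRC - C:\Users\Public\winscdvn.exe ()
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe ()
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp)
PRC - C:\Program Files\Example\svc.exe (Example Corp)
"""

if __name__ == "__main__":
    for category, subject, reasons in triage(SAMPLE.splitlines()):
        print(f"{category:22} {subject}  <- {', '.join(reasons)}")
```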


08.06.2010, 21:19   #6
Wombat44

Desktop.ini files appeared on the desktop and in other folders. Was that intended, or is it a bad omen? Is this going to turn into a difficult job?
I'm off for today now, I have to get up early! Thanks for the help so far!

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found.
No active process named winscdvn.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c9508125-4747-4733-b048-e4b82dc9716d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found.
Registry value HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C9508125-4747-4733-B048-E4B82DC9716D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9508125-4747-4733-B048-E4B82DC9716D}\ not found.
File Reg Error: not found.
Registry value HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Updates not found.
File C:\Users\Public\winscdvn.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:FA5F15C4 .
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
========== FILES ==========
File\Folder C:\Users\Public\winscdvn.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: XXX
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: XXX
->Flash cache emptied: 439 bytes
 
User: Public
 
User: Standard
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: XXX
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10607933 bytes
->Java cache emptied: 26560956 bytes
->FireFox cache emptied: 26540406 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 11770475 bytes
->Temporary Internet Files folder emptied: 1283500 bytes
->Java cache emptied: 70567364 bytes
->FireFox cache emptied: 34384946 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Standard
->Temporary Internet Files folder emptied: 32768 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 441702 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 174,00 mb
 
 
OTL by OldTimer - Version 3.2.5.3 log created on 06082010_221306

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

09.06.2010, 10:24   #7
markusg
/// Malware-holic

Those can be deleted.

Create and post a Malwarebytes log.

09.06.2010, 14:45   #8
Wombat44

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4183

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.06.2010 15:37:43
mbam-log-2010-06-09 (15-37-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336663
Laufzeit: 1 Stunde(n), 18 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 09.06.2010, 14:47   #9
markusg
/// Malware-holic
 

Please create and post a ComboFix log.

A guide and tutorial on using ComboFix

Alt 09.06.2010, 17:16   #10
Wombat44
 

Combofix

Code:
ComboFix 10-06-08.05 - xxx 09.06.2010  17:55:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1919.1080 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Downloads\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\xxx\AppData\Local\ykuykyw.dat
c:\users\xxx\AppData\Local\ykuykyw_nav.dat
c:\users\xxx\AppData\Local\ykuykyw_navps.dat
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-09 bis 2010-06-09  ))))))))))))))))))))))))))))))
.

2010-06-09 16:00 . 2010-06-09 16:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-09 16:00 . 2010-06-09 16:00	--------	d-----w-	c:\users\xxx\AppData\Local\temp
2010-06-09 13:51 . 2010-06-09 13:53	--------	d-----w-	c:\program files\ICQ7.2
2010-06-08 20:07 . 2010-06-08 20:07	--------	d-----w-	C:\_OTL
2010-06-08 18:33 . 2010-06-08 18:33	--------	d-----w-	C:\rsit
2010-06-08 18:10 . 2010-06-08 18:10	--------	d-----w-	c:\program files\CCleaner
2010-05-26 14:13 . 2010-04-23 14:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-21 09:22 . 2010-05-21 09:22	7168	----a-w-	c:\programdata\Lexware\QuickSteuer Deluxe\2010\versionSteuerHtml.dll
2010-05-21 09:22 . 2010-05-21 09:22	7168	----a-w-	c:\programdata\Lexware\QuickSteuer Deluxe\2010\versionTaxAppData.dll
2010-05-21 09:22 . 2010-05-21 09:22	7168	----a-w-	c:\programdata\Lexware\QuickSteuer Deluxe\2010\Daten\versionTaxDB.dll
2010-05-21 08:37 . 2010-05-21 08:37	716800	----a-w-	c:\windows\system32\lxter20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	69632	----a-w-	c:\windows\system32\PXTTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	557056	----a-w-	c:\windows\system32\zvkonline80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	4661248	----a-w-	c:\windows\system32\LxXtreme70VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	27648	----a-w-	c:\windows\system32\LXTPSW20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	1347584	----a-w-	c:\windows\system32\LXTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	110592	----a-w-	c:\windows\system32\LxUISettings20Native.dll
2010-05-21 08:37 . 2010-05-21 08:37	323584	----a-w-	c:\windows\system32\LxImport80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	299008	----a-w-	c:\windows\system32\LXBtr80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	225280	----a-w-	c:\windows\system32\LxBasics80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	192512	----a-w-	c:\windows\system32\LXDasi80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37	135168	----a-w-	c:\windows\system32\LxMail30VC8.dll
2010-05-12 12:06 . 2010-01-29 15:40	738816	----a-w-	c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 15:05 . 2008-03-07 21:28	--------	d-----w-	c:\programdata\Google Updater
2010-06-09 12:08 . 2006-11-02 15:33	628210	----a-w-	c:\windows\system32\perfh007.dat
2010-06-09 12:08 . 2006-11-02 15:33	126850	----a-w-	c:\windows\system32\perfc007.dat
2010-06-08 18:39 . 2009-07-11 15:47	--------	d-----w-	c:\program files\Trend Micro
2010-06-08 18:17 . 2009-07-11 13:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-08 17:55 . 2007-09-21 07:38	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-08 17:14 . 2010-05-09 11:30	--------	d-----w-	c:\program files\ICQ7.0
2010-06-04 14:42 . 2009-07-11 20:53	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-29 11:01 . 2008-01-15 20:39	--------	d-----w-	c:\program files\Microsoft
2010-05-22 09:47 . 2007-09-21 12:41	--------	d-----w-	c:\program files\Google
2010-05-12 12:54 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 12:54 . 2007-09-21 10:04	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-03 10:13	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-09 11:26 . 2010-05-09 11:26	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-05-09 11:26 . 2009-03-15 14:19	--------	d-----w-	c:\programdata\ICQ
2010-04-29 14:46 . 2008-03-08 00:10	--------	d-----w-	c:\program files\Java
2010-04-29 13:39 . 2009-07-11 13:56	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-07-11 13:56	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-12 15:29 . 2010-04-29 14:46	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-05 13:34 . 2010-04-05 13:34	680	----a-w-	c:\users\xxx\AppData\Local\d3d9caps.dat
2010-04-05 13:29 . 2008-11-22 17:56	110144	----a-w-	c:\users\xxxRef\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-30 21:14 . 2010-03-30 21:14	1232496	----a-w-	c:\programdata\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll
2010-03-29 11:03 . 2010-03-29 11:03	56978	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03	56766	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-29 11:03 . 2010-03-29 11:03	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-29 10:59 . 2010-03-29 11:03	754984	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-03-22 09:36 . 2010-03-29 11:03	986904	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2008-10-21 12:19 . 2008-03-07 22:37	122880	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-04-17 08:30 . 2007-04-17 08:30	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 16:29	2166296	----a-w-	c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 10:53	2349080	----a-w-	c:\program files\DVDVideoSoft\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-09 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"GnabTray"="c:\program files\Common Files\Gnab\Service\GnabTray.exe" [2007-04-13 327680]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]

c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 12:03	292128	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,f9,16,ce,4c,05,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R4 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-21 29744]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 14:46]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:21]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:21]

2009-10-24 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-09-22 05:33]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{A103A693-F92C-4A81-8F7F-6C80799EFF3D} - c:\program files\Tomato\TubeDownload\TDIEPage.html
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
TCP: {F025EAFD-A26D-4098-A476-9699D0CA24BB} = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
ActiveSetup-ccc-core-static - msiexec
AddRemove-ACRM1_is1 - f:\rescue master 2008\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 18:01
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dc,d2,a4,19,a9,a9,09,cc,c9,e2,98,a6,e6,2f,7f,17,9a,2a,39,4e,d5,20,24,
   5e,4b,fa,43,f9,35,e3,b0,b4,af,4f,7a,94,03,44,c5,52,48,a6,15,10,cb,30,e7,f3,\
"??"=hex:49,93,a4,55,8a,40,8c,12,34,e1,0f,92,d5,d6,e0,4d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-09  18:03:57
ComboFix-quarantined-files.txt  2010-06-09 16:03

Vor Suchlauf: 16 Verzeichnis(se), 292.939.489.280 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 292.875.378.688 Bytes frei

- - End Of File - - 5027EFCF028224B13BF367045EDFFEBE
         

Alt 09.06.2010, 17:22   #11
markusg
/// Malware-holic
 

Open Computer (My Computer),
C:
there right-click _otl and choose "Add to _otl.rar".
Upload it here.
http://www.trojaner-board.de/54791-a...ner-board.html


as described under point 2.
Let me know when you're done.

Alt 09.06.2010, 17:32   #12
Wombat44
 

I have Vista.
I'm supposed to right-click C:\_OTL, and then what? Please explain in a bit more detail.

Edit: The only option there is "Add to _OTL.zip".

Alt 09.06.2010, 17:36   #13
markusg
/// Malware-holic
 

There you should select "Add to _otl.rar"; it then packs the folder and you have an _otl.rar,
which you upload to us as described in the link.

Alt 09.06.2010, 17:49   #14
Wombat44
 

OK, uploaded. I didn't have a RAR unpacker!

Alt 09.06.2010, 17:53   #15
markusg
/// Malware-holic
 

Now use CCleaner.
http://www.trojaner-board.de/51464-a...-ccleaner.html

Once it has cleaned up, click Extras (Tools), then the list of installed programs, and save it as a txt file.
Open it, then write "needed" after every program you need, "unnecessary" after those you don't need, and "unknown" after those you don't know.
That way we can see what needs an update and what we can get rid of. Post the list.
