Internet Explorer öffnet sich von alleine und hat Werbeseiten

Kentala · 03.07.2010, 13:13

Hi,

habe scho mal ein bisschen im Forum rumgestöbert und den Malwarebytes angewende. Dazu habe ich auch schon die Berichte des OTL:

Ich hoffe jemand kann mir weiterhelfen.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4264

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

03.07.2010 13:49:27
mbam-log-2010-07-03 (13-49-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 278174
Time elapsed: 44 minute(s), 23 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
C:\Users\Marita\AppData\Local\Temp\Fv0.exe (Trojan.FraudPack) -> Failed to unload process.
C:\Users\Marita\AppData\Local\Temp\Fv1.exe (Trojan.FraudPack) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qnb2eb90wx (Trojan.FraudPack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Marita\AppData\Local\Temp\Fv0.exe (Trojan.FraudPack) -> Delete on reboot.
C:\Users\Marita\AppData\Local\Temp\Fv1.exe (Trojan.FraudPack) -> Delete on reboot.
C:\Users\Marita\AppData\Local\Temp\ayho.exe (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Marita\AppData\Local\Temp\Fvz.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\Marita\AppData\Local\Temp\~TMFF49.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Marita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sisytj32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Marita\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Marita\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Marita\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.

OTL logfile created on: 03.07.2010 14:04:48 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Marita\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18)
Locale: | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 651,56 Gb Free Space | 71,48% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 5,73 Gb Free Space | 28,66% Space Free | Partition Type: FAT32
Drive E: | 2,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BÜRO-PC
Current User Name: Klaui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marita\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Users\Marita\AppData\Local\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE (WEB.DE GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Trust\GM-4600 Gamer Mouse\Amoumain.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\AOL 9.0 VR\shellmon.exe (AOL, LLC.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\AOL 9.0 VR\waol.exe (AOL, LLC.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1227803092\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

========== Modules (SafeList) ==========

MOD - C:\Users\Marita\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (szkgfs) -- C:\Windows\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (szkg5) -- C:\Windows\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\Windows\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (Amusbprt) -- C:\Windows\System32\drivers\Amusbprt.sys ((Standard mouse types))
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (Amfilter) -- C:\Windows\System32\drivers\Amfilter.sys ((Standard mouse types))
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.27 14:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.27 14:17:24 | 000,000,000 | ---D | M]

[2009.01.11 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\mozilla\Extensions
[2010.06.27 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions
[2009.11.13 15:12:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.26 15:54:44 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.06.26 15:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.05.29 10:26:26 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.04.23 18:08:57 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.06.26 15:30:33 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Klaui\AppData\Roaming\mozilla\Firefox\Profiles\edr4v29y.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.02.19 19:42:28 | 000,002,447 | ---- | M] () -- C:\Users\Klaui\AppData\Roaming\Mozilla\FireFox\Profiles\edr4v29y.default\searchplugins\bsplayer-search.xml
[2010.06.27 14:17:48 | 000,000,873 | ---- | M] () -- C:\Users\Klaui\AppData\Roaming\Mozilla\FireFox\Profiles\edr4v29y.default\searchplugins\conduit.xml
[2010.06.27 14:17:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 14:17:18 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.27 14:17:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.27 14:17:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.27 14:17:18 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.27 14:17:18 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.26 16:13:46 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programme\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1227803092\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WheelMouse] C:\Programme\Trust\GM-4600 Gamer Mouse\Amoumain.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Klaui\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} hxxp://iloapp.erziehungsfamilie.com/gallery/executable/IlosoftMultipleImageUpload.dll (IlosoftMultipleImageCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.erziehungsfamilie.com/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{368c8bc3-c5d1-11dd-805d-00038a000015}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.07.01 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\Klaui\AppData\Roaming\Malwarebytes
[2010.07.01 20:04:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.01 20:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.01 20:04:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.01 20:04:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.01 19:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010.07.01 19:32:22 | 000,000,000 | ---D | C] -- C:\Programme\STOPzilla!
[2010.07.01 19:32:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\iS3
[2010.07.01 19:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010.06.27 09:43:40 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.27 09:43:40 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.27 09:43:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.06.27 09:43:35 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.06.27 09:43:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.06.26 15:54:45 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch_FF
[2010.06.26 15:54:40 | 000,000,000 | ---D | C] -- C:\Users\Klaui\Documents\FFOutput
[2010.06.26 15:54:20 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2010.06.26 15:54:02 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime
[2010.06.26 15:30:35 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.06.26 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\Klaui\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.26 15:30:22 | 000,000,000 | ---D | C] -- C:\Users\Klaui\Documents\DVDVideoSoft
[2010.06.26 15:30:11 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.26 15:29:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.06.25 09:27:10 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 09:27:10 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 09:27:10 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.24 11:35:04 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.24 11:35:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.11 18:48:16 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.06.10 14:41:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 14:40:01 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 14:40:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 14:38:56 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.10 14:38:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 14:38:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 14:38:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 14:38:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 14:38:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 14:38:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 14:38:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 14:38:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 14:38:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 14:38:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 14:38:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 14:38:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 14:38:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 14:38:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 14:38:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 14:33:27 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2010.07.03 14:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BDB3077A-BAF7-4D6C-93DF-546DA1464041}.job
[2010.07.03 14:04:14 | 001,835,008 | -HS- | M] () -- C:\Users\Klaui\NTUSER.DAT
[2010.07.03 14:03:59 | 000,524,288 | -HS- | M] () -- C:\Users\Klaui\NTUSER.DAT{a4573a79-7471-11de-89d6-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.07.03 14:03:59 | 000,065,536 | -HS- | M] () -- C:\Users\Klaui\NTUSER.DAT{a4573a79-7471-11de-89d6-00038a000015}.TM.blf
[2010.07.03 13:59:45 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.03 13:59:45 | 000,623,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.03 13:59:45 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.03 13:59:45 | 000,125,172 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.03 13:59:45 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.03 13:54:39 | 000,000,912 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010.07.03 13:52:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.03 13:52:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 13:52:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.03 13:52:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.03 13:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.03 13:52:26 | 3485,696,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.03 13:34:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.02 19:07:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C0FC1D0-4DBA-4089-9B1D-1D65ED8E2D37}.job
[2010.07.01 22:06:02 | 003,209,771 | -H-- | M] () -- C:\Users\Klaui\AppData\Local\IconCache.db
[2010.07.01 22:03:27 | 000,000,422 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.07.01 22:03:27 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2030.DAT
[2010.07.01 22:02:30 | 376,253,218 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.01 20:04:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.01 19:35:34 | 002,736,128 | -H-- | M] () -- C:\SZKGFS.dat
[2010.06.30 10:14:28 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.26 16:13:46 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.26 15:54:15 | 000,000,995 | ---- | M] () -- C:\Users\Klaui\Desktop\Format Factory.lnk
[2010.06.26 15:30:30 | 000,001,036 | ---- | M] () -- C:\Users\Klaui\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.26 14:26:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.06.24 19:03:00 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010.06.12 17:42:58 | 000,000,774 | ---- | M] () -- C:\Users\Klaui\Desktop\Free Video Converter.lnk
[2010.06.12 11:50:01 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.11 18:48:27 | 000,000,832 | ---- | M] () -- C:\Users\Klaui\Desktop\JDownloader.lnk
[2010.06.11 09:09:56 | 000,402,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010.07.03 13:54:27 | 000,000,912 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010.07.01 22:01:50 | 376,253,218 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.01 20:04:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.01 19:35:34 | 002,736,128 | -H-- | C] () -- C:\SZKGFS.dat
[2010.06.26 15:54:15 | 000,000,995 | ---- | C] () -- C:\Users\Klaui\Desktop\Format Factory.lnk
[2010.06.26 15:30:24 | 000,001,036 | ---- | C] () -- C:\Users\Klaui\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.26 14:26:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.06.24 19:03:00 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010.06.11 18:48:27 | 000,000,832 | ---- | C] () -- C:\Users\Klaui\Desktop\JDownloader.lnk
[2010.04.13 18:42:35 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2010.04.13 18:14:07 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.12.12 19:03:29 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.12.12 19:03:29 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\1A7D8AF491.sys
[2008.11.28 17:00:29 | 000,000,422 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.03.13 09:01:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Amhooker.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:25 | 001,197,056 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.03.07 12:39:28 | 000,000,074 | ---- | C] () -- C:\Windows\logitrace_v12.ini

========== LOP Check ==========

[2009.02.19 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\BSplayer Pro
[2010.06.26 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.13 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\FreeVideoConverter
[2009.01.11 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\FRITZ!
[2008.11.27 17:02:07 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\Template
[2010.03.28 17:45:53 | 000,000,000 | ---D | M] -- C:\Users\Klaui\AppData\Roaming\Uniblue
[2010.07.03 13:51:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.10.20 11:35:07 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.07.02 19:07:23 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C0FC1D0-4DBA-4089-9B1D-1D65ED8E2D37}.job
[2010.07.03 14:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BDB3077A-BAF7-4D6C-93DF-546DA1464041}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 03.07.2010 14:04:48 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Marita\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 651,56 Gb Free Space | 71,48% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 5,73 Gb Free Space | 28,66% Space Free | Partition Type: FAT32
Drive E: | 2,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BÜRO-PC
Current User Name: Klaui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16F0F7F3-488C-4AA1-ABAB-22FAF3223912}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2472B9C8-63C8-4EC5-AC98-6C62067EE37D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37B9A5FE-3246-4EDD-96AB-97B4C5A4D7E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4E047B19-244D-4833-831D-477397A8FA67}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{57EC3D03-29F5-419B-8CF9-1B65371CCB5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F4397CD-37C3-40E3-B0B1-7274D6F100F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{66553CF8-4017-4B4F-82C8-21BF2C2101B6}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F4B8A58-F539-4ED4-92E2-2025BE39129C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72991C02-79FA-44A2-8707-15107B3B6258}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89A1E4AE-EB30-47EF-BD41-655767E4AB06}" = rport=139 | protocol=6 | dir=out | app=system |
"{8E9CC25A-07EC-4DDA-AF78-CCC6054501D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D158C43-A477-4FDC-9A0D-28CA1359D33E}" = rport=137 | protocol=17 | dir=out | app=system |
"{BBB71A08-1F2A-4BAA-A210-DE3A591AA2C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2B37ADD-C6A1-4CA8-A966-289D23C977A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4D563A6-B44B-42DC-9401-C3D551E95FA2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C785CB76-D7A7-4639-9C54-15283B87CAA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFBA200B-1597-4DC7-B216-30A730C3A106}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF16150A-2306-4C7C-98A6-EAC8886F24B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA8B906F-9CCB-4B5F-BEA3-9D6D0288C080}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FBB2951E-7FC0-4D14-9EFC-2D129C9FACFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C9571B-472A-49F9-96A4-7C9B92A5A195}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{0A36F63B-7C5D-43C4-84D8-CA7B36AC560E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A7BC317-3FEA-47AF-85D6-0BD8AE7BF021}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{11F8B331-5C04-4892-896E-21895F26C2E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{13417B26-833D-4DEA-AE27-64F3077868FF}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{229802F7-8228-40C0-BFD0-FCD78DBE4A41}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1227803092\ee\aolsoftware.exe |
"{2BC8FB88-0687-40C3-A27F-49EE217CA7E7}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{2C2E74A2-D96F-48DA-8108-4873693CCE58}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{310ECEC3-7B74-4397-9743-F16D50E33FBC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{41929F63-E12F-4C06-B436-4CE45914752B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{42468B61-AFF8-4A4B-95E3-2C1E1F287A01}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{45309D49-E570-4F8B-8509-F5EBC2F6295C}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{48B85C0D-6027-42E8-B5CF-6D907616DA78}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1227803092\ee\aolsoftware.exe |
"{4E378E20-8A5B-42A8-80FC-B2DAB490E186}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{60D7F137-EDE0-437C-9F60-1C6270FECC32}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{676359AF-637E-4494-A455-EFE2C8567F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67FD3586-C46B-485F-BDD0-CBBD5D3B4182}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7505D012-FD0E-4E3B-9CDB-0F98E762E042}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{86D163A6-DF5D-4587-B47E-A24F199CB735}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{87BD6CB1-3420-40ED-828E-03D1282AB3FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{971F723D-E217-476B-92EC-F53560FEEC1D}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{99B80A39-4611-470F-99DD-5ACB4C41DE56}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{9E2C6467-8919-4050-9D00-C351B0D9FD9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A03193FB-EC21-424F-A35A-A47900260562}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{AEE7D93A-4657-4B22-8E4F-B8E58892BCDC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B0AB0822-DB36-4C8F-B1A3-6EC9B86EDEC5}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{B1E62F7D-66EE-44CD-A157-ECDEF81CF233}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{B8BB21BB-DD5B-49BD-8AF7-10509C2A29FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C26D8B14-A27E-4318-ADBD-8D9F44435B78}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{C6D9EC1C-D455-4DED-9E24-80212D69BB56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C74F93DA-1B05-4650-8805-3CBD0AA7C1A3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{C98EEE85-A0EB-4F94-B5CC-0143C021C4DA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CD54C93A-3D60-40D7-BAAF-902E7F578EC1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E88F956B-658D-46D6-9FA3-DC4370DBB257}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{EA561401-BF6A-4197-A382-4B9B84ADADED}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{EDF1163A-7745-43B8-B654-11E4067B9F90}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{FE93BA81-9C21-4990-B52B-D15FAD12CC94}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{2B4C224B-037F-4750-A005-6AD2B4BC9611}C:\program files\aol 9.0 vr\waol.exe" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"TCP Query User{3A4690A6-61AB-426E-88F5-8B4D414EECCC}C:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe |
"TCP Query User{4D909DE7-3F4A-4E6F-ACCB-F6E37F3C9621}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{988181FB-E43A-4EDE-A07E-35E1F8FCA7AA}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{AE3557D9-1113-4966-8898-FE42341C7B61}C:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe |
"TCP Query User{DD62267F-412C-4816-A532-6AE1BC74C9B7}C:\users\marita\downloads\serial.koyote.free.video.converter.2.7.exe" = protocol=6 | dir=in | app=c:\users\marita\downloads\serial.koyote.free.video.converter.2.7.exe |
"UDP Query User{054D81DB-C1D1-47B7-97F7-7DF242084861}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{36543D18-25D9-4EC3-B1E4-5719841AD75A}C:\program files\aol 9.0 vr\waol.exe" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"UDP Query User{9DDFAE14-1C20-413E-98DF-654037106BEF}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{B0DC71B3-5E32-438A-A75F-B8A1066E31C3}C:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe |
"UDP Query User{C333D1F5-425E-4C9F-9328-7A618A5F1CD7}C:\users\marita\downloads\serial.koyote.free.video.converter.2.7.exe" = protocol=17 | dir=in | app=c:\users\marita\downloads\serial.koyote.free.video.converter.2.7.exe |
"UDP Query User{ECA47618-EFA0-42AB-B9B1-4E5AAF33DAD7}C:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\users\marita\appdata\local\web.de\web.de multimessenger\messengr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 4.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}" = NVIDIA PhysX v8.09.19
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7ADCEEA0-AC82-4360-AD6B-CCF01B66F9DB}" = hppusgCP1510
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54}" = Intel(R) Network Connections 13.2.8.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C938308A-B386-48C8-98FE-AD4C56B52F07}" = Logitrace V12
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMule" = eMule
"FormatFactory" = FormatFactory 2.30
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video Converter_is1" = Free Video Converter V 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder Audio Edition" = MediaCoder Audio Edition 0.7.3.4610
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) Network Connections 13.2.8.0
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic_Deutsch_FF Toolbar" = Softonic_Deutsch_FF Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WheelMouse" = Trust GM-4600 Gamer Mouse
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR
"WORD" = Microsoft Office Word 2007
"X10Hardware" = X10 Hardware(TM)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.05.2010 05:18:48 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.05.2010 03:11:32 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.05.2010 02:37:54 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.05.2010 05:45:19 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.05.2010 16:49:58 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.05.2010 00:05:34 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.05.2010 02:53:57 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.05.2010 02:25:31 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.05.2010 05:54:37 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.05.2010 11:08:19 | Computer Name = Büro-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_stisvc, Version 6.0.6001.18000,
Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72452074, Prozess-ID 0xa00,
Anwendungsstartzeit 01caff14bf2eb1c5.

[ OSession Events ]
Error - 02.07.2009 16:43:44 | Computer Name = Büro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 29680
seconds with 540 seconds of active time. This session ended with a crash.

Error - 15.01.2010 18:31:20 | Computer Name = Büro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45917
seconds with 1800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01.07.2010 16:05:41 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02.07.2010 05:55:54 | Computer Name = Büro-PC | Source = HTTP | ID = 15016
Description =

Error - 02.07.2010 05:58:11 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 02.07.2010 05:58:11 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02.07.2010 10:56:51 | Computer Name = Büro-PC | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Renos.JW&threatid=2147629817

User:
NT-AUTORITÄT\SYSTEM Name: TrojanDownloader:Win32/Renos.JW ID: 2147629817 Severity:
Severe Category: Trojan Downloader Path: Action: %%808 Error Code: 0x80508023 Error
description: The program could not find the spyware and other potentially unwanted
software on this computer. Status: Signature Version: AV: 1.85.1178.0, AS: 1.85.1178.0

Engine
Version: 1.1.5902.0

Error - 03.07.2010 02:41:21 | Computer Name = Büro-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1178.0 Update Source: %%859 Update Stage:
%%854 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x80070643 Error description: Schwerwiegender Fehler bei der Installation.

Error - 03.07.2010 02:41:38 | Computer Name = Büro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 03.07.2010 07:52:34 | Computer Name = Büro-PC | Source = HTTP | ID = 15016
Description =

Error - 03.07.2010 07:54:12 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 03.07.2010 07:54:12 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

cosinus · 03.07.2010, 16:07

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O33 - MountPoints2\{368c8bc3-c5d1-11dd-805d-00038a000015}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
[2010.07.03 13:54:27 | 000,000,912 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010.07.01 22:03:27 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2030.DAT
[2010.07.01 19:35:34 | 002,736,128 | -H-- | M] () -- C:\SZKGFS.dat
[2009.12.12 19:03:29 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\1A7D8AF491.sys
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Internet Explorer öffnet sich von alleine und hat Werbeseiten

Log-Analyse und Auswertung: Internet Explorer öffnet sich von alleine und hat Werbeseiten

Internet Explorer öffnet sich von alleine und hat Werbeseiten

Internet Explorer öffnet sich von alleine und hat Werbeseiten

Ähnliche Themen: Internet Explorer öffnet sich von alleine und hat Werbeseiten