
Pests of all kinds and how to fight them: Delete Trojan.BHO

26.09.2010, 20:44   #1
trojanerin
 

Delete Trojan.BHO



Hello,

I stupidly caught Trojan.BHO.

Malwarebytes showed me three entries (see mbam-log-2010-09-26 (08-20-47).txt): 2 in the registry and one infected file.

On the Internet (Avira forum) there was advice to uninstall the ICQ Toolbar. I did that.
The infected file is now gone, but the entries in the registry are unfortunately still there, see the Malwarebytes log (mbam-log-2010-09-26 (18-37-55).txt).

Does anyone have an idea how I can get the computer clean?

Thanks!!!!!!

Kind regards
Trojanerin
Attached files
File type: txt mbam-log-2010-09-26 (18-37-55).txt (1.1 KB, 200 views)
File type: txt mbam-log-2010-09-26 (08-20-47).txt (1.1 KB, 187 views)

27.09.2010, 23:49   #2
cosinus
 

Delete Trojan.BHO



System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

28.09.2010, 20:38   #3
trojanerin
 

Delete Trojan.BHO



Hello Arne,

here is the log: OTL Logfile:
Code:
OTL logfile created on: 9/28/2010 8:22:35 PM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marit\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,013.00 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.56 Gb Total Space | 29.77 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive D: | 6.23 Gb Total Space | 2.31 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive E: | 4.21 Gb Total Space | 4.21 Gb Free Space | 100.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARIT-PC
Current User Name: Administrator_1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (QCDonner) Labtec WebCam(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Labtec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/homehxxp://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.5
FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 23:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 17:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 20:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2009/06/22 08:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Extensions
[2010/01/23 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions
[2009/11/29 12:24:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/15 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/26 21:01:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/22 23:59:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/22 23:59:19 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010/01/05 21:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Sunbird\Profiles\5shfxuur.default\extensions
[2010/01/23 00:00:18 | 000,005,599 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\1und1-suche.xml
[2010/01/23 00:00:17 | 000,001,381 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\amazonde.xml
[2010/01/23 00:00:17 | 000,010,613 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\gmx-suche.xml
[2008/05/28 08:57:47 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-1.xml
[2008/04/15 10:16:19 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-2.xml
[2008/04/15 10:19:43 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-3.xml
[2008/05/28 08:47:38 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-4.xml
[2009/11/29 12:24:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-5.xml
[2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.gif
[2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.src
[2009/07/13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.xml
[2009/07/26 21:01:08 | 000,001,632 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\live-search.xml
[2010/01/23 00:00:17 | 000,005,596 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\webde-suche.xml
[2010/09/26 09:39:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/10/29 11:12:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/26 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2009/06/22 08:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2008/08/30 23:10:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008/08/30 23:10:16 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008/08/30 23:10:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2008/08/30 23:10:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2008/08/30 23:10:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Seite nicht gefunden | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/25 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Roaming\Malwarebytes
[2010/09/25 21:01:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/25 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/25 21:00:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/25 20:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/09/25 20:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6
[2010/09/25 19:59:00 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010/09/16 15:08:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/28 20:30:20 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/28 20:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job
[2010/09/28 20:22:15 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat
[2010/09/28 20:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 20:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TM.blf
[2010/09/28 20:13:01 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/28 20:11:18 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/09/28 20:11:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/28 20:10:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/28 20:10:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/28 20:10:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/28 20:10:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/28 20:10:22 | 1063,280,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 13:33:03 | 001,525,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/27 13:33:03 | 000,663,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/09/27 13:33:03 | 000,624,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/27 13:33:03 | 000,135,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/09/27 13:33:03 | 000,111,432 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/25 18:52:23 | 588,990,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/09 22:57:34 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini
[2010/01/18 11:12:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/29 11:47:14 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll
[2008/12/23 21:53:22 | 000,000,600 | ---- | C] () -- C:\Users\Administrator_1\AppData\Roaming\winscp.rnd
[2008/12/06 16:23:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008/11/28 19:30:41 | 000,000,680 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\d3d9caps.dat
[2008/09/16 22:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2008/09/16 22:15:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2008/09/16 22:15:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/28 19:43:53 | 000,004,608 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 19:32:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\QSwitch.txt
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DSwitch.txt
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\AtStart.txt
[2007/07/05 08:08:18 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/12/10 15:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006/11/04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/19 17:37:58 | 000,015,852 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[2006/09/29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006/09/24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006/09/24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/09/21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005/11/09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001/10/10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001/10/10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001/03/07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >
         

Best regards
Martin
__________________

Old 28.09.2010, 22:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Delete Trojan.BHO - Standard

Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
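
The fix script above removes a driver service and a Run value whose target files no longer exist, plus an AutoRun file on D:. As an added example (not part of the original thread and not code from OTL itself), the Python below turns OTL scan lines into such a fix: it keeps every entry that ends in "File not found" and every AutoRun file line, and emits the :OTL / :Commands block in the layout used above. The log text is constructed for this example, modelled on the lines in the fix; the two vendor-labelled entries are made up so that the filter has something to leave alone. OTL accepts its own log lines verbatim inside a fix script, which is why the raw line is reused rather than re-formatted.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of OTL scan output. The three flagged lines are the ones the
# fix script above targets; the two "(vendor)" lines are made-up healthy entries.
SAMPLE_OTL_LOG = r"""
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (mbamswissarmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
"""


@dataclass(frozen=True)
class Entry:
    kind: str   # OTL section tag: DRV, O4, O32 ...
    name: str   # service name, Run value name, or the autorun path itself
    path: str   # file the entry points at
    raw: str    # original log line; OTL accepts it verbatim in a fix script


# A line whose target is missing ends in "File not found"; capture the tag and the path.
_ORPHAN = re.compile(r"^(?P<kind>\w+) - .*?(?P<path>[A-Za-z]:\\\S.*?) File not found$")
_DRV_NAME = re.compile(r"^DRV - \((?P<name>[^)]+)\)")
_O4_NAME = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]+)\]")
# AutoRun files on volumes (O32/O33) are listed whether or not they are malicious;
# the path sits between "() - " and " -- [ <filesystem> ]".
_AUTORUN = re.compile(r"^(?P<kind>O3[23]) - AutoRun File - .*? - (?P<path>[A-Za-z]:\\\S*) -- \[")


def _name_of(kind: str, line: str, path: str) -> str:
    if kind == "DRV":
        m = _DRV_NAME.match(line)
    elif kind == "O4":
        m = _O4_NAME.match(line)
    else:
        m = None
    return m.group("name") if m else path


def orphaned_entries(log: str) -> list[Entry]:
    """Entries whose executable or driver is gone but whose registration remains."""
    found = []
    for line in (l.strip() for l in log.splitlines()):
        m = _ORPHAN.match(line)
        if m:
            kind, path = m.group("kind"), m.group("path")
            found.append(Entry(kind, _name_of(kind, line, path), path, line))
    return found


def autorun_files(log: str) -> list[Entry]:
    """AutoRun files OTL saw on volumes; a human decides, the tag alone is not a verdict."""
    found = []
    for line in (l.strip() for l in log.splitlines()):
        m = _AUTORUN.match(line)
        if m:
            found.append(Entry(m.group("kind"), m.group("path"), m.group("path"), line))
    return found


def build_fix_script(log: str, commands=("purity", "resethosts", "emptytemp")) -> str:
    """Assemble an OTL custom fix like the one above: :OTL block, then :Commands."""
    lines = [":OTL"]
    lines += [e.raw for e in orphaned_entries(log)]
    lines += [e.raw for e in autorun_files(log)]
    lines.append(":Commands")
    lines += [f"[{c}]" for c in commands]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_fix_script(SAMPLE_OTL_LOG))
```

An entry pointing at a missing file is an orphan, not proof of infection by itself: it shows that something was removed without unregistering itself. Review the generated block before pasting it into OTL; the script only saves the copying.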

Old 29.09.2010, 21:25   #5
trojanerin
 
Delete Trojan.BHO - Standard

Hello Arne,

here is the logfile I got after the computer restarted:



All processes killed
========== OTL ==========
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully.
D:\AUTOMODE moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator_1
->Temp folder emptied: 1182790492 bytes
->Temporary Internet Files folder emptied: 96274306 bytes
->Java cache emptied: 13689524 bytes
->FireFox cache emptied: 5393012 bytes
->Flash cache emptied: 704 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mami
->Temp folder emptied: 2713688 bytes
->Temporary Internet Files folder emptied: 11188384 bytes
->FireFox cache emptied: 91749953 bytes
->Flash cache emptied: 680 bytes

User: Marit
->Temp folder emptied: 892233235 bytes
->Temporary Internet Files folder emptied: 528300447 bytes
->Java cache emptied: 12919479 bytes
->FireFox cache emptied: 47003853 bytes
->Flash cache emptied: 13533701 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 24270 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 703353790 bytes
RecycleBin emptied: 1724656018 bytes

Total Files Cleaned = 5,079.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09292010_204010

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Regards
Martin


Old 30.09.2010, 16:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Delete Trojan.BHO - Standard

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
--> Delete Trojan.BHO

Old 30.09.2010, 21:48   #7
trojanerin
 
Delete Trojan.BHO - Standard

Hello Arne,

here is the ComboFix log:


ComboFix logfile:
Code:
ComboFix 10-09-30.01 - Administrator_1 30.09.2010  20:54:40.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.49.1031.18.1013.242 [GMT 2:00]
run from:: c:\users\Marit\Desktop\cofi.exe.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\setup.ini

.
(((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 18:37 . 2010-09-30 18:45	--------	d-----w-	c:\program files\CCleaner
2010-09-29 18:40 . 2010-09-29 18:40	--------	d-----w-	C:\_OTL
2010-09-26 05:42 . 2010-09-26 05:42	--------	d-----w-	c:\users\Marit\AppData\Roaming\Malwarebytes
2010-09-25 19:03 . 2010-09-25 19:03	--------	d-----w-	c:\users\Administrator_1\AppData\Roaming\Malwarebytes
2010-09-25 19:01 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-25 19:01 . 2010-09-25 19:01	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-25 19:00 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-25 18:58 . 2010-09-25 19:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-25 18:16 . 2010-09-26 07:40	--------	d-----w-	c:\program files\Trojancheck 6
2010-09-25 17:59 . 2010-09-25 17:59	--------	d-----w-	c:\program files\AVG
2010-09-16 13:08 . 2010-04-16 16:10	501760	----a-w-	c:\windows\system32\usp10.dll
2010-09-16 13:08 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-16 13:08 . 2010-04-05 16:08	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-16 13:08 . 2010-05-27 19:16	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-08 18:14 . 2010-06-20 02:21	214016	----a-w-	c:\users\Marit\AppData\Roaming\Thunderbird\Profiles\kr2fu9cv.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 18:29 . 2008-07-09 20:09	--------	d-----w-	c:\users\Marit\AppData\Roaming\OpenOffice.org2
2010-09-30 13:34 . 2007-07-05 06:11	--------	d-----w-	c:\program files\Google
2010-09-30 12:28 . 2006-11-02 10:25	51200	----a-w-	c:\windows\Inf\infpub.dat
2010-09-30 12:28 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstrng.dat
2010-09-27 11:33 . 2006-11-02 15:38	663300	----a-w-	c:\windows\system32\perfh007.dat
2010-09-27 11:33 . 2006-11-02 15:38	135254	----a-w-	c:\windows\system32\perfc007.dat
2010-09-26 07:48 . 2008-05-18 17:45	--------	d-----w-	c:\program files\LyX15
2010-09-26 07:46 . 2007-07-05 04:58	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-26 07:46 . 2008-11-27 13:25	--------	d-----w-	c:\program files\Xpress2008A
2010-09-26 07:43 . 2008-11-15 11:14	--------	d-----w-	c:\programdata\Lavasoft
2010-09-25 09:00 . 2008-05-18 17:49	--------	d-----w-	c:\users\Marit\AppData\Roaming\lyx15
2010-09-16 20:00 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-08 18:09 . 2008-12-23 15:17	--------	d-----w-	c:\users\Marit\AppData\Roaming\Thunderbird
2010-09-08 18:09 . 2008-12-23 15:15	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-09-06 11:28 . 2008-04-15 08:15	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-05 21:49 . 2008-01-16 10:12	--------	d-----w-	c:\users\Marit\AppData\Roaming\ICQ
2010-09-05 21:49 . 2010-01-18 08:57	--------	d-----w-	c:\users\Marit\AppData\Roaming\Skype
2010-09-05 20:27 . 2008-01-04 19:58	--------	d-----w-	c:\users\Marit\AppData\Roaming\ChessBase
2010-09-05 14:50 . 2010-01-18 09:11	--------	d-----w-	c:\users\Marit\AppData\Roaming\skypePM
2010-08-30 13:02 . 2010-08-10 15:18	--------	d-----w-	c:\users\Administrator_1\AppData\Roaming\Skype
2010-08-10 15:14 . 2010-03-09 11:11	--------	d-----w-	c:\programdata\NOS
2007-10-27 19:35 . 2007-10-27 19:35	22	--sha-w-	c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-12-04 366592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UCam_Menu"="c:\program files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Marit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-12-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1623168461-2455287914-1741078707-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 135664]
R3 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [2007-09-07 71208]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-03-17 30560]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23	452136	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the "Scheduled Tasks" folder

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 09:12]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 09:12]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = www.web.de
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
FF - ProfilePath - c:\users\Administrator_1\AppData\Roaming\Mozilla\Firefox\Profiles\papmkgx9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.web.de
FF - prefs.js: keyword.URL - hxxp://go.web.de/suchbox/webdesuche?su=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(WEB.DE)");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-30 21:15
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes... 

Scanning hidden autostart entries... 

Scanning hidden files... 


c:\users\ADMINI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-30  21:24:13
ComboFix-quarantined-files.txt  2010-09-30 19:24

Pre-Run: 17 directories, 36,995,567,616 bytes free
Post-Run: 23 directories, 37,208,956,928 bytes free

- - End Of File - - 39CBD109B88182CA0DA899A0DC35F584
         





Best regards
Martin
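
The ComboFix log above lists the autostart points in REGEDIT4 layout and, right after them, Security Center Monitoring keys whose DisableMonitoring value is 1. As an added example, not part of the thread and not code from ComboFix, the Python below parses such a block and pulls out the two things a reviewer checks first: Run/RunOnce values whose executable lives in a user-writable folder (a heuristic, labelled as such in the code), and Security Center subkeys that switch monitoring off. The sample block is constructed for this example; the "UpdateHelper" entry and its Temp path are made up, the other entries follow the shape of the log above.

```python
from __future__ import annotations

import re

# Constructed excerpt in the REGEDIT4 layout ComboFix uses for its registry
# autostart section. "UpdateHelper" and its Temp path are made up for this
# example; the other entries follow the shape of the log above.
SAMPLE_AUTOSTART = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"UpdateHelper"="c:\users\someone\AppData\Local\Temp\updhelper.exe" [2010-09-25 31744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1-2-3-1000]
"EnableNotifications"=dword:00000001
"""

_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
_QUOTED = re.compile(r'^"(?P<path>[^"]+)"')
_DWORD = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")

# Heuristic, not a verdict: autostarts launched from folders any user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_autostart(text: str) -> dict[str, dict[str, str]]:
    """Return {registry key: {value name: raw data}} for a REGEDIT4-style block."""
    keys: dict[str, dict[str, str]] = {}
    current: str | None = None
    for line in (l.strip() for l in text.splitlines()):
        if m := _KEY.match(line):
            current = m.group("key")
            keys[current] = {}
        elif current is not None and (m := _VALUE.match(line)):
            keys[current][m.group("name")] = m.group("data")
    return keys


def run_entries(keys: dict[str, dict[str, str]]) -> list[tuple[str, str, str]]:
    """(key, value name, executable path) for every Run / RunOnce value."""
    out = []
    for key, values in keys.items():
        if key.rsplit("\\", 1)[-1].lower() in ("run", "runonce"):
            for name, data in values.items():
                m = _QUOTED.match(data)          # path is the quoted part before "[date size]"
                out.append((key, name, m.group("path") if m else data))
    return out


def run_entries_in_user_writable_dirs(keys: dict[str, dict[str, str]]) -> list[tuple[str, str, str]]:
    """Autostarts whose executable sits in a user-writable folder; review, do not auto-delete."""
    return [e for e in run_entries(keys)
            if any(marker in e[2].lower() for marker in USER_WRITABLE_MARKERS)]


def security_center_monitoring_disabled(keys: dict[str, dict[str, str]]) -> list[str]:
    """Security Center Monitoring (sub)keys whose DisableMonitoring value is 1."""
    hits = []
    for key, values in keys.items():
        if "\\security center\\monitoring" in key.lower():
            m = _DWORD.match(values.get("DisableMonitoring", ""))
            if m and int(m.group("hex"), 16) == 1:
                hits.append(key)
    return hits


if __name__ == "__main__":
    parsed = parse_autostart(SAMPLE_AUTOSTART)
    for key, name, path in run_entries_in_user_writable_dirs(parsed):
        print(f"review: {name} -> {path}  ({key})")
    for key in security_center_monitoring_disabled(parsed):
        print(f"monitoring disabled: {key}")
```

DisableMonitoring=1 is also set legitimately by third-party suites that take over Security Center status reporting for their own product, so a hit is a question, not a verdict: check whether the product named in the key is actually installed on the machine. The log alone does not show that.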

Old 01.10.2010, 08:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Delete Trojan.BHO - Standard

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM.

Then download bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you use Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________
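
The remover.exe step above looks for malicious changes in the MBR. As an added example, not part of the thread and not code from that tool, the Python below runs the checks a practitioner would apply to a 512-byte sector 0: the 55AA boot signature, partition-table sanity (exactly one active partition, no overlapping entries), the message strings the stock Windows MBR code carries, and a SHA-256 of the 440 bytes of boot code against a hash recorded when the machine was known clean (assumption: such a hash exists; none is shipped here). A bootkit typically leaves the partition table intact and replaces only the boot code, which is why the code bytes are compared separately from the table. Both sample sectors are constructed: the "clean" boot code merely starts like a real MBR and carries the message strings, the "bootkit" code is arbitrary filler without them. read_mbr() is the only function that touches a real disk and needs administrator/root rights.

```python
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440     # bytes 0..439 boot code, 440..443 disk signature, 444..445 reserved
PART_TABLE_OFF = 446    # four 16-byte partition entries, then the 55AA signature at 510
MBR_SIGNATURE = b"\x55\xaa"
# Error strings carried by the stock Windows MBR code; replacement boot code
# written by a bootkit usually does not bother to keep them.
WINDOWS_MBR_STRINGS = (b"Invalid partition table",
                       b"Error loading operating system",
                       b"Missing operating system")


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four primary partition entries (status, type, LBA start, length)."""
    parts = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id:                                  # type 0 marks an unused slot
            parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the boot code only, so a changed disk signature or table does not mask it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_sha256: str | None = None) -> list[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != MBR_SIGNATURE:
        findings.append("boot signature 55AA missing: not a valid MBR")
    if known_good_sha256 is not None and boot_code_sha256(mbr) != known_good_sha256:
        findings.append("boot code differs from the recorded known-good copy")
    missing = [s.decode() for s in WINDOWS_MBR_STRINGS if s not in mbr[:BOOT_CODE_LEN]]
    if missing:
        findings.append("stock Windows MBR message strings absent: " + ", ".join(missing))
    parts = parse_partitions(mbr)
    active = sum(p.bootable for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions, expected exactly 1 on the boot disk")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_start + a.sectors:
            findings.append(f"partition entries {a.index} and {b.index} overlap")
    return findings


def read_mbr(device: str) -> bytes:
    # Sector 0 of a raw device, e.g. r"\\.\PhysicalDrive0" on Windows (as administrator)
    # or "/dev/sda" on Linux (as root). Not called by the sample run below.
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def make_mbr(boot_code: bytes, partitions, disk_signature: int = 0x1234ABCD) -> bytes:
    """Build a sector from boot code plus (bootable, type, lba_start, sectors) tuples."""
    buf = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    struct.pack_into("<I", buf, BOOT_CODE_LEN, disk_signature)
    for i, (bootable, type_id, lba, count) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, type_id, lba, count)
    buf[510:512] = MBR_SIGNATURE
    return bytes(buf)


# Constructed samples: the "clean" code starts like a real MBR (xor ax,ax; mov ss,ax;
# mov sp,7C00h) and carries the message strings; the "bootkit" code is arbitrary filler.
SAMPLE_CLEAN_BOOT_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300
                          + b"\x00".join(WINDOWS_MBR_STRINGS)).ljust(BOOT_CODE_LEN, b"\x00")
SAMPLE_BOOTKIT_BOOT_CODE = (b"\xeb\x1e\x90" + b"\x90" * 40 + b"\xcd\x13").ljust(BOOT_CODE_LEN, b"\x00")
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 200_000_000), (False, 0x07, 200_002_048, 20_000_000)]


if __name__ == "__main__":
    clean = make_mbr(SAMPLE_CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
    baseline = boot_code_sha256(clean)      # what you would have recorded on a clean machine
    suspect = make_mbr(SAMPLE_BOOTKIT_BOOT_CODE, SAMPLE_PARTITIONS)
    for label, sector in (("clean", clean), ("suspect", suspect)):
        print(label, check_mbr(sector, baseline) or "no findings")
```

The string check is a heuristic: OEM or third-party boot managers also ship their own MBR code without those messages, so a hit on a real disk means "compare against a known-good copy", not "infected". The hash comparison is the only check that is conclusive, and it is only as good as the baseline you recorded.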

Old 01.10.2010, 21:05   #9
trojanerin
 
Delete Trojan.BHO - Standard

Hello Arne,

GMER crashed.

Here are the logs from OSAM as HTML

HTML code:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Report of OSAM: Autorun Manager v5.0.11926.0</title>
<style type="text/css">
body
{
    margin                    : 10px 10px 10px 20px;
    color                     : #000000;
    background-color          : #fffbf0;
    font                      : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif;
    scrollbar-3dlight-color   : #fffbf0;
    scrollbar-arrow-color     : #000000;
    scrollbar-darkshadow-color: #000000;
    scrollbar-face-color      : #fffbf0;
    scrollbar-highlight-color : #000000;
    scrollbar-shadow-color    : #fffbf0;
    scrollbar-track-color     : #fffbf0;
}
a:link
{
    color: #e15616;
}
a:visited 
{
    color: #e15616;
}
a:hover
{
    color: #e4743f;
}
a:active
{
    color: #e4743f;
}
.header1
{
    font-size  : 115%;
    font-weight: bold;
    margin-left: 0px;
}
table
{
    border-collapse: collapse;
    border         : 1px solid #000000;
    cellpadding    : 0;
    cellspacing    : 0;
    width          : 90%;
}
td,th
{
    font-size     : 12px;
    color         : #000000;
    background    : #fffbf0;
    border        : 1px solid #000000;
    text-align    : left;
    vertical-align: top;
    padding       : 2px 4px 2px 4px;
}
.cap
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    border     : 1px solid #000000;
}
.group
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    text-align : center;
}
.reg
{
    font-weight: bold;
    font-size  : 10pt;
    border     : 0px none;
    padding    : 2px 4px 2px 4px;
}
.notfound
{
    background-color: #B3DDFF;
}
.blocked
{
    background-color: #FF96EB;
}
.nodetails
{
    background-color: #FFFF75;
}
.trusted
{
    background-color: #C8FFC8;
}
.rootkit
{
    background-color: #FF8696;
}
td.rs { text-align: center; vertical-align: center; font-family: courier; }
td.rs.rm { background: #F90424; title: "Malware"; }
td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; }
td.rs.rw { background: #F90424; title: "Unwanted"; }
td.rs.rs { background: #F90424; title: "Suspicious"; }
td.rs.rt { background: #21F411; title: "Trusted"; }
td.rs.rc { background: #21F411; title: "Checked"; }
td.rs.ry { background: #21F411; title: "Up-to-You"; }
td.rs.rr { background: #F6EB13; title: "Riskware"; }
td.rs.ru { background: #D4D0C8; title: "Unknown"; }
td.rs.rn { background: #FFFFFF; title: "Not checked"; }
</style>
</head>
<body>
<p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
<a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br>
Saved at 20:48:27 on 01.10.2010</p>
<b>OS</b>: Windows Vista Home Basic Edition Service Pack 1 (Build 6001), 32-bit<br>

<b>Default Browser</b>: Mozilla Corporation Firefox 3.5.7<br>
<br><b>Scanner Settings</b><br>
<input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br>
<input type="checkbox" disabled checked>Rootkits detection (hidden files)<br>
<input type="checkbox" disabled checked>Retrieve files information<br>
<input type="checkbox" disabled checked>Check Microsoft signatures<br>
<br><b>Filters</b><br>
<input type="checkbox" disabled>Trusted entries<br>

<input type="checkbox" disabled>Empty entries<br>
<input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br>
<input type="checkbox" disabled checked>Exclusively opened files<br>
<input type="checkbox" disabled checked>Not found files<br>
<input type="checkbox" disabled checked>Files without detailed information<br>
<input type="checkbox" disabled checked>Existing files<br>
<input type="checkbox" disabled>Non-startable services<br>
<input type="checkbox" disabled>Non-startable drivers<br>
<input type="checkbox" disabled checked>Active entries<br>

<input type="checkbox" disabled checked>Disabled entries<br>
<br>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<th class="cap" width="20">&nbsp;</th>
<th class="cap">Risk</th>
<th class="cap">Name</th>
<th class="cap">Publisher</th>
<th class="cap">Full Path</th>
<th class="cap">Status</th>
</tr>

<tr>
<td class="group" colspan="6">Common</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\Tasks</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineCore.job"</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineUA.job"</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>

<td class="group" colspan="6">Drivers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"catchme" (catchme)</td>
<td class="notfound"></td>
<td class="notfound">C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys</td>
<td class="notfound">File not found</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Cisco Systems Inc. IPSec Driver" (CVPNDRVA)</td>
<td>"Cisco Systems, Inc."</td>
<td>C:\Windows\system32\Drivers\CVPNDRVA.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>"FssFltr" (fssfltr)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\System32\DRIVERS\fssfltr.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"IP in IP Tunnel Driver" (IpInIp)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\ipinip.sys</td>

<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"IPX Traffic Filter Driver" (NwlnkFlt)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\nwlnkflt.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>

<td class="notfound">"IPX Traffic Forwarder Driver" (NwlnkFwd)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\nwlnkfwd.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"PxHelp20" (PxHelp20)</td>
<td>"Sonic Solutions"</td>
<td>C:\Windows\System32\Drivers\PxHelp20.sys</td>

<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"USB PC Camera (SNPSTD3)" (SNPSTD3)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\snpstd3.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="group" colspan="6">Explorer</td>

</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Carpetas Web"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL</td>
<td>File exists</td>

</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel"</td>
<td>"Hewlett-Packard Company"</td>
<td>"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"</td>
<td>File exists</td>

</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class"</td>
<td>"Tracker Software Products Ltd."</td>
<td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"</td>

<td>"Skype Technologies"</td>
<td>C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{828030A1-22C1-4009-854F-8E305202313F} "livecall"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll</td>
<td>File exists</td>
</tr>
<tr>

<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{828030A1-22C1-4009-854F-8E305202313F} "msnim"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"</td>

<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Mail\mailcomm.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"</td>
<td class="notfound"></td>

<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"</td>
<td>"Igor Pavlov"</td>
<td>C:\Program Files\7-Zip\7-zip.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>

<td class="notfound">{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Mail\mailcomm.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder"</td>

<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>

<td class="rs rt">||||||</td>
<td>{0006F045-0000-0000-C000-000000000046} "Extensión de iconos de archivo de Outlook"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"</td>
<td class="notfound"></td>

<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>

<td class="rs rt">||||||</td>
<td>{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer"</td>
<td></td>

<td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider"</td>
<td>"Tracker Software Products Ltd."</td>
<td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler"</td>
<td>"Tracker Software Products Ltd."</td>
<td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider"</td>
<td>"Tracker Software Products Ltd."</td>
<td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>

</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"</td>
<td class="notfound"></td>

<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF"</td>
<td>"XSS"</td>
<td>C:\Windows\System32\ShellvRTF.dll</td>
<td>File exists</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim"</td>
<td>"Microsoft Corporation"</td>

<td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim"</td>
<td>"Microsoft Corporation"</td>

<td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>

<td class="rs rt">||||||</td>
<td>{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}"</td>
<td class="notfound"></td>

<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="group" colspan="6">Internet Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td><binary data> "&Windows Live Toolbar"</td>

<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Toolbar\wltcore.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound"><binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>

</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"{855F3B16-6D32-4fe6-8A56-BBB695989046}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>

<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control"<br>hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab</td>

<td>"The Facebook"</td>
<td>C:\Windows\Downloaded Program Files\PhotoUploader5.ocx</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control"<br>hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab</td>
<td>"The Facebook"</td>
<td>C:\Windows\Downloaded Program Files\PhotoUploader55.ocx</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
<td>File exists</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>

<td>{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab</td>

<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\npjpi160_17.dll</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class"<br>hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll</td>
<td>File exists</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool"<br>hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab</td>
<td>"Microsoft® Corporation"</td>
<td>C:\Windows\Downloaded Program Files\MsnPUpld.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>

<td>{E77F23EB-E7AB-4502-8F37-247DBAF1A147} "Windows Live Hotmail Photo Upload Tool"<br>hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab</td>
<td>"Microsoft® Corporation"</td>
<td>C:\Windows\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"<br>hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</td>
<td class="notfound"></td>

<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Agregar entrada"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"PDFill PDF Editor"</td>
<td>"PlotSoft LLC"</td>
<td>C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe</td>
<td>File exists</td>
</tr>
<tr>

<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td><binary data> "&Windows Live Toolbar"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Toolbar\wltcore.dll</td>
<td>File exists</td>

</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>

<td class="rs rt">||||||</td>
<td>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"</td>

<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2ssv.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll</td>
<td>File exists</td>
</tr>
<tr>

<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Family Safety\fssbho.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper"</td>

<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Toolbar\wltcore.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{055FD26D-3A88-4e15-963D-DC8493744B1D} "{055FD26D-3A88-4e15-963D-DC8493744B1D}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>

<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="group" colspan="6">Logon</td>
</tr>
<tr>
<td class="reg" colspan="6">%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Users\Administrator_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Microsoft Office.lnk"</td>

<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft Office\Office\OSA9.EXE</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"VPN Client.lnk"</td>
<td>"Cisco Systems, Inc."</td>
<td>C:\Program Files\Cisco Systems\VPN Client\vpngui.exe</td>

<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"LightScribe Control Panel"</td>
<td>"Hewlett-Packard Company"</td>
<td>C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden</td>

<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Skype"</td>
<td>"Skype Technologies S.A."</td>
<td>"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized</td>
<td>File exists</td>
</tr>
<tr>

<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"StartupPrograms"</td>
<td class="notfound"></td>
<td class="notfound">rdpclip</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Adobe Reader Speed Launcher"</td>
<td>"Adobe Systems Incorporated"</td>
<td>"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>

<td>"FreePDF Assistant"</td>
<td>"shbox.de"</td>
<td>C:\Program Files\FreePDF_XP\fpassist.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"fssui"</td>
<td>"Microsoft Corporation"</td>

<td>"C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"HP Health Check Scheduler"</td>
<td>"Hewlett-Packard"</td>
<td>C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"HP Software Update"</td>
<td>"Hewlett-Packard Co."</td>
<td>C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>

<td>"hpWirelessAssistant"</td>
<td>"Hewlett-Packard Development Company, L.P."</td>
<td>%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"LifeCam"</td>
<td>"Microsoft Corporation"</td>

<td>"C:\Program Files\Microsoft LifeCam\LifeExp.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"QPService"</td>
<td>"CyberLink Corp."</td>
<td>"C:\Program Files\HP\QuickPlay\QPService.exe"</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"SunJavaUpdateSched"</td>
<td>"Sun Microsystems, Inc."</td>
<td>"C:\Program Files\Java\jre6\bin\jusched.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>

<td>"UCam_Menu"</td>
<td>"CyberLink Corp."</td>
<td>"C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"WAWifiMessage"</td>
<td>"Hewlett-Packard Development Company, L.P."</td>

<td>%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Launcher"</td>
<td>"soft thinks"</td>

<td>%WINDIR%\SMINST\launcher.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Print Monitors</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>"KM Language Monitor"</td>
<td>"KYOCERA MITA Corporation"</td>
<td>C:\Windows\system32\KMPJLMN.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"KM USB Port"</td>
<td>"KYOCERA MITA"</td>

<td>C:\Windows\system32\KM-PMKN.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"PDFill Writer Monitor"</td>
<td>"Windows (R) Codename Longhorn DDK provider"</td>
<td>C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll</td>
<td>File exists</td>

</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"Redirected Port"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Windows\system32\redmonnt.dll</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="group" colspan="6">Services</td>
</tr>

<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe</td>
<td>File exists</td>
</tr>

<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Cisco Systems, Inc. VPN Service" (CVPND)</td>
<td>"Cisco Systems, Inc."</td>
<td>C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>"Com4Qlb" (Com4Qlb)</td>
<td>"Hewlett-Packard Development Company, L.P."</td>
<td>C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Software Updater" (gusvc)</td>
<td>"Google"</td>

<td>C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update Service (gupdate)" (gupdate)</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>

</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope" (HRService)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>"HP Health Check Service" (HP Health Check Service)</td>
<td>"Hewlett-Packard"</td>
<td>C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"hpqwmiex" (hpqwmiex)</td>
<td>"Hewlett-Packard Development Company, L.P."</td>

<td>C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"InstallDriver Table Manager" (IDriverT)</td>
<td>"Macrovision Corporation"</td>
<td>C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"LightScribeService Direct Disc Labeling Service" (LightScribeService)</td>
<td>"Hewlett-Packard Company"</td>
<td>C:\Program Files\Common Files\LightScribe\LSSrvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"MSCamSvc" (MSCamSvc)</td>
<td>"Microsoft Corporation"</td>

<td>C:\Program Files\Microsoft LifeCam\MSCamS32.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Net Driver HPZ12" (Net Driver HPZ12)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\system32\HPZinw12.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>

<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Pml Driver HPZ12" (Pml Driver HPZ12)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\system32\HPZipm12.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"RoxMediaDB9" (RoxMediaDB9)</td>
<td>"Sonic Solutions"</td>

<td>C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SeaPort" (SeaPort)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe</td>
<td>File exists</td>

</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Servicio de Windows Live Protección infantil" (fsssvc)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Windows Live\Family Safety\fsssvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>

<td>"stllssvr" (stllssvr)</td>
<td>"MicroVision Development, Inc."</td>
<td>C:\Program Files\Common Files\SureThing Shared\stllssvr.exe</td>
<td>File exists</td>
</tr>
</table>
<p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p>
</body></html>

and the output of Bootkit Remover (console):

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 6001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...


Best regards
Martin

Alt 01.10.2010, 21:08   #10
trojanerin

Delete Trojan.BHO

Additionally, the Bootkit Remover log as a zip.

Alt 03.10.2010, 13:10   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO löschen - Standard

Trojan.BHO löschen



Quote:
Here are the logs from OSAM as html
Why as html? The instructions say you should save it as *.log! I mean, I can read it like this too, but why don't you follow the instructions?

Be that as it may, the OSAM log is OK.

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 04.10.2010, 21:04   #12
trojanerin
 

Hello Arne,

I couldn't find the "save as *.log" function, so I posted the html code.

Unfortunately the MBRCheck_<Date>_<Time>.txt file isn't on my desktop either; I seem to be doing something wrong.

Here is the log output from the console, I hope it helps you:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G7000 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`63d9a800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Thanks and regards
Martin
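
As an added example (not part of this thread, and not the code of Bootkit Remover or MBRCheck), here is a Python script that does on a raw MBR dump what the two tools above report: it checks the 0x55AA signature, decodes the four partition-table entries, hashes the sector (MD5 as Bootkit Remover prints it, SHA1 as MBRCheck prints it), runs a few structural sanity checks on the table, and compares the boot-code region byte for byte against a reference sector dumped from a known-clean machine. The sample sector is constructed: its two partitions sit at the byte offsets reported above (0x7e00 is LBA 63 times 512 bytes; 0x1a63d9a800 is LBA 221375700), the sizes approximate the C: and D: volumes, and the boot-code bytes, disk signature and reference sector are stand-ins. None of the hashes in the thread is reproduced or claimed.

```python
"""Inspect a raw 512-byte master boot record (MBR) dump.

Added example: not the code of Bootkit Remover or MBRCheck. The sample
sector below is constructed; offsets mirror the ones reported in the thread.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code
DISK_SIG_OFFSET = 440          # 4-byte Windows disk signature, then 2 reserved bytes
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries
SIGNATURE_OFFSET = 510         # 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, decode the partition table and fingerprint the sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * 16
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        partitions.append({
            "index": index,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "byte_offset": lba_start * SECTOR_SIZE,     # what both tools print as "at offset"
            "size_gib": count * SECTOR_SIZE / 2 ** 30,
        })
    return {
        "md5": hashlib.md5(sector).hexdigest(),            # Bootkit Remover prints an MD5
        "sha1": hashlib.sha1(sector).hexdigest().upper(),  # MBRCheck prints a SHA1
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4].hex(),
        "partitions": partitions,
    }


def check_partition_table(partitions: list) -> list:
    """Return plain-text findings for structurally suspicious table entries."""
    findings = []
    used = [p for p in partitions if p["type"] != 0]
    for p in partitions:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"entry {p['index']}: empty type but non-zero extent")
    if sum(1 for p in used if p["status"] == 0x80) > 1:
        findings.append("more than one partition is flagged active")
    used.sort(key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return findings


def boot_code_matches(sector: bytes, reference: bytes) -> bool:
    """Compare only the boot-code region; disk signature and table legitimately differ per machine."""
    return sector[:BOOT_CODE_LEN] == reference[:BOOT_CODE_LEN]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: two NTFS partitions at the byte offsets reported in the thread
    (0x7e00 = LBA 63, 0x1a63d9a800 = LBA 221375700); sizes approximate the C: and D: volumes."""
    entry1 = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 63, 221375637)
    entry2 = bytes([0x00, 0xFE, 0xFF, 0xFF, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 221375700, 13065257)
    table = entry1 + entry2 + bytes(32)              # two unused entries
    disk_signature = b"\x12\x34\x56\x78"             # constructed value
    sector = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + disk_signature + b"\x00\x00" + table + b"\x55\xaa"
    assert len(sector) == SECTOR_SIZE
    return sector


# Constructed stand-in for the boot code of a known-clean reference sector
# (xor ax,ax; mov ss,ax; mov sp,7c00h; mov es,ax; mov ds,ax); a real stub is 400+ bytes.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8")
SAMPLE_MBR = build_sample_mbr(CLEAN_BOOT_CODE)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("MD5 ", info["md5"])
    print("SHA1", info["sha1"])
    for p in info["partitions"]:
        if p["type"]:
            print(f"  type 0x{p['type']:02x} at offset 0x{p['byte_offset']:012x} {p['size_gib']:.2f} GiB")
    print("findings:", check_partition_table(info["partitions"]) or "none")
```

The comparison deliberately covers only the first 440 bytes: the disk signature and the partition table legitimately differ from machine to machine, so a hash of the whole sector, as both tools print it, cannot be matched against a list of clean hashes, whereas a hash of the boot-code region alone can. This is also why a "non-standard" verdict on its own is not proof of infection; OEM recovery loaders write their own boot code, and the byte-level comparison against a trusted dump is what settles it.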

Old 04.10.2010, 21:17   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the iso, burn it to a CD (e.g. with ImgBurn, using the image-burning function) and start the computer with it (boot from this CD).
Click Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first.

Old 07.10.2010, 22:40   #14
trojanerin
 

Hello Arne,

I did that.

Malwarebytes now still shows one infected key:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4693

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/7/2010 10:27:27 PM
mbam-log-2010-10-07 (22-27-27).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 820001
Time elapsed: 1 hour(s), 55 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL says the following: OTL Logfile:
Code:
OTL logfile created on: 10/7/2010 10:28:44 PM - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marit\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,013.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.56 Gb Total Space | 49.18 Gb Free Space | 46.59% Space Free | Partition Type: NTFS
Drive D: | 6.23 Gb Total Space | 2.31 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARIT-PC
Current User Name: Administrator_1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (QCDonner) Labtec WebCam(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Labtec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.web.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.5
FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 23:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 17:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 20:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2009/06/22 08:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Extensions
[2010/01/23 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions
[2009/11/29 12:24:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/15 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/26 21:01:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/22 23:59:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/22 23:59:19 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010/01/05 21:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Sunbird\Profiles\5shfxuur.default\extensions
[2010/01/23 00:00:18 | 000,005,599 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\1und1-suche.xml
[2010/01/23 00:00:17 | 000,001,381 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\amazonde.xml
[2010/01/23 00:00:17 | 000,010,613 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\gmx-suche.xml
[2008/05/28 08:57:47 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-1.xml
[2008/04/15 10:16:19 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-2.xml
[2008/04/15 10:19:43 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-3.xml
[2008/05/28 08:47:38 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-4.xml
[2009/11/29 12:24:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-5.xml
[2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.gif
[2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.src
[2009/07/13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.xml
[2009/07/26 21:01:08 | 000,001,632 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\live-search.xml
[2010/01/23 00:00:17 | 000,005,596 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\webde-suche.xml
[2010/09/30 20:47:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/10/29 11:12:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/26 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2009/06/22 08:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2008/08/30 23:10:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008/08/30 23:10:16 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008/08/30 23:10:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2008/08/30 23:10:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2008/08/30 23:10:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/09/30 21:15:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/30 21:24:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/30 21:24:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/30 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Local\temp
[2010/09/30 20:48:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/30 20:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/30 20:48:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/30 20:48:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/30 20:48:47 | 000,000,000 | ---D | C] -- C:\cofi.exe
[2010/09/30 20:47:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/30 20:46:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/30 20:37:45 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010/09/30 15:06:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/29 20:40:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/25 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Roaming\Malwarebytes
[2010/09/25 21:01:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/25 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/25 21:00:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/25 20:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/09/25 20:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6
[2010/09/25 19:59:00 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010/09/16 15:08:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/07 22:30:25 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/07 22:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job
[2010/10/07 22:28:47 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat
[2010/10/07 22:28:30 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TMContainer00000000000000000002.regtrans-ms
[2010/10/07 22:28:30 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TM.blf
[2010/10/07 21:49:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 21:49:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 19:51:32 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/10/07 19:50:21 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 19:49:50 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/10/07 19:49:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/07 19:49:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/07 19:49:13 | 1061,216,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 20:48:05 | 000,044,756 | ---- | M] () -- C:\Users\Administrator_1\Desktop\osam.html
[2010/10/01 20:35:02 | 207,754,849 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/30 21:27:06 | 002,271,579 | -H-- | M] () -- C:\Users\Administrator_1\AppData\Local\IconCache.db
[2010/09/30 21:15:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/30 21:15:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/30 20:46:17 | 000,000,512 | ---- | M] () -- C:\Users\Administrator_1\Documents\cc_20100930_204611.reg
[2010/09/30 20:45:15 | 000,000,804 | ---- | M] () -- C:\Users\Administrator_1\Desktop\CCleaner.lnk
[2010/09/30 20:41:28 | 000,211,702 | ---- | M] () -- C:\Users\Administrator_1\Documents\cc_20100930_204112.reg
[2010/09/30 15:35:48 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/27 13:33:03 | 001,525,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/27 13:33:03 | 000,663,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/09/27 13:33:03 | 000,624,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/27 13:33:03 | 000,135,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/09/27 13:33:03 | 000,111,432 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2010/10/01 20:46:57 | 000,044,756 | ---- | C] () -- C:\Users\Administrator_1\Desktop\osam.html
[2010/10/01 20:33:51 | 207,754,849 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/30 20:48:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/30 20:48:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/30 20:48:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/30 20:48:59 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/30 20:48:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/30 20:46:15 | 000,000,512 | ---- | C] () -- C:\Users\Administrator_1\Documents\cc_20100930_204611.reg
[2010/09/30 20:45:15 | 000,000,804 | ---- | C] () -- C:\Users\Administrator_1\Desktop\CCleaner.lnk
[2010/09/30 20:41:18 | 000,211,702 | ---- | C] () -- C:\Users\Administrator_1\Documents\cc_20100930_204112.reg
[2010/09/30 15:35:47 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/09 22:57:34 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini
[2010/01/18 11:12:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/29 11:47:14 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll
[2008/12/23 21:53:22 | 000,000,600 | ---- | C] () -- C:\Users\Administrator_1\AppData\Roaming\winscp.rnd
[2008/12/06 16:23:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008/11/28 19:30:41 | 000,000,680 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\d3d9caps.dat
[2008/09/16 22:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2008/09/16 22:15:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2008/09/16 22:15:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/28 19:43:53 | 000,004,608 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 19:32:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\QSwitch.txt
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DSwitch.txt
[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\AtStart.txt
[2007/07/05 08:08:18 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/12/10 15:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006/11/04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006/09/24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006/09/24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/09/21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005/11/09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001/10/10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001/10/10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001/03/07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >
         
--- --- ---


How do I proceed now?

Thanks and regards
Martin

Old 08.10.2010, 12:27   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Delete Trojan.BHO



After the MBR fix I need a new log from mbrcheck.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
