Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojanerproblem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.11.2010, 22:31   #1
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



Da ich neu hier bin sage ich erstmal ein freundliches Hallo an alle.

Ich habe schon einiges über Google und eure SuFu probiert,aber bisher habe ich noch keine Lösung gefunden.

Jetzt zu meinem eigentlichen Problem.

Meine Bank hat mich angerufen und meine Onlinebankingdaten gesperrt, da von meinem Rechner wohl ein Trojanerangriff ausging. Einerseits ärgerlich, andererseits gut. Jetzt habe ich aber nicht die Möglichkeit meinen Rechner zu formatieren und muss den weg zu Fuß wählen. Ich hoffe ihr könnt mir dabei helfen.

Zu meinen System.

Ich habe Vista Home Premium 32-Bit,mit Servicepack 2 und Avira 10.

HiJackThis habe ich schon durchlaufen lassen und Malwarebytes auch, beides ohne erkennbare Logs.
Eben habe ich im Abgesichtern Modus noch Avira durchlaufen lassen und OTL habe ich eben auch schon mal durchlaufen lassen.

Avira und OTL poste ich hier gleich mal mit. Hoffentlich könnt ihr mir helfen.

Vielen Dank schon mal im voraus !!!

Zitat:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 2. November 2010 19:40

Es wird nach 2992847 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Abgesicherter Modus
Benutzername : Christian
Computername : CHRISTIAN-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 02:21:39
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 02:21:39
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 14:46:58
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 22:37:44
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 19:22:38
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 19:02:13
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 19:02:16
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 19:02:23
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 19:02:28
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.2010 19:02:28
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.2010 19:02:28
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.2010 19:02:28
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.2010 19:02:28
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.2010 19:02:29
VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.2010 19:02:29
VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.2010 19:02:29
VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.2010 19:02:29
VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.2010 19:02:30
VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.2010 19:02:30
VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.2010 19:02:30
VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.2010 19:02:30
VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.2010 19:02:31
VBASE022.VDF : 7.10.12.175 142848 Bytes 11.10.2010 19:02:31
VBASE023.VDF : 7.10.12.198 131584 Bytes 13.10.2010 19:02:31
VBASE024.VDF : 7.10.12.216 133120 Bytes 14.10.2010 19:02:31
VBASE025.VDF : 7.10.12.238 137728 Bytes 18.10.2010 19:02:32
VBASE026.VDF : 7.10.12.254 129536 Bytes 20.10.2010 19:02:32
VBASE027.VDF : 7.10.13.22 137728 Bytes 22.10.2010 19:02:32
VBASE028.VDF : 7.10.13.39 124416 Bytes 26.10.2010 19:02:33
VBASE029.VDF : 7.10.13.62 141312 Bytes 28.10.2010 19:02:33
VBASE030.VDF : 7.10.13.73 137216 Bytes 29.10.2010 19:02:33
VBASE031.VDF : 7.10.13.76 36864 Bytes 01.11.2010 19:00:14
Engineversion : 8.2.4.86
AEVDF.DLL : 8.1.2.1 106868 Bytes 31.10.2010 19:02:39
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 31.10.2010 19:02:39
AESCN.DLL : 8.1.6.1 127347 Bytes 31.10.2010 19:02:38
AESBX.DLL : 8.1.3.1 254324 Bytes 31.10.2010 19:02:39
AERDL.DLL : 8.1.9.2 635252 Bytes 31.10.2010 19:02:38
AEPACK.DLL : 8.2.3.11 471416 Bytes 31.10.2010 19:02:37
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 31.10.2010 19:02:37
AEHEUR.DLL : 8.1.2.37 2974072 Bytes 31.10.2010 19:02:37
AEHELP.DLL : 8.1.14.0 246134 Bytes 31.10.2010 19:02:35
AEGEN.DLL : 8.1.3.23 401779 Bytes 31.10.2010 19:02:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 31.10.2010 19:02:34
AECORE.DLL : 8.1.17.0 196982 Bytes 31.10.2010 19:02:34
AEBB.DLL : 8.1.1.0 53618 Bytes 31.10.2010 19:02:34
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Dienstag, 2. November 2010 19:40

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1775' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Christian\AppData\Local\Temp\~TM2D75.tmp
[FUND] Ist das Trojanische Pferd TR/Obfuscated.DO.138
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Christian\AppData\Local\Temp\~TM2D75.tmp
[FUND] Ist das Trojanische Pferd TR/Obfuscated.DO.138
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '496aca7a.qua' verschoben!


Ende des Suchlaufs: Dienstag, 2. November 2010 21:03
Benötigte Zeit: 1:19:59 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

38162 Verzeichnisse wurden überprüft
1550133 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1550132 Dateien ohne Befall
12713 Archive wurden durchsucht
0 Warnungen
1 Hinweise
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.11.2010 22:03:07 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Firefox\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 23,65 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 74,92 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F24517-A679-480A-8281-4B94C8CFCC92}" = rport=139 | protocol=6 | dir=out | app=system | 
"{14315AEE-9EDC-4179-AE23-992AEE7822A6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{306F8DD5-045C-4967-8594-A703435FA82E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{44A5D88A-21D7-4363-8AD4-FBDAE64E6ED0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{45472588-FAC0-47CB-AFD9-63D6BB69FAFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{48ABE508-B57A-42B0-8134-A0E177C7F803}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{4BF367EB-4124-465C-8DB0-7DE190A817D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D605817-004F-4462-9A64-C069FCC9AF5D}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{64B780D1-3F28-4069-A1EB-554AB165A260}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{68EDB7CD-9198-4827-82CC-43C13D1607AB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C9F8A0E-6AFB-4969-B8B1-742DB5BE8C89}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{CB5EA41F-9DEF-4920-BCC2-14CDC504680C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{CD97FB65-BE4A-4E4F-8670-A5511B9A207D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DF35A2C2-F78B-4BD9-B318-DD07F89D9ADB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EAA3D75C-C09B-4919-B619-49A17907D068}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FB755E4B-2010-43D8-A784-C15B1220C957}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0483307E-8DBA-438D-8D14-D4CBE429AF4D}" = protocol=17 | dir=in | app=d:\spiele\fear\fearmp.exe | 
"{0D00001B-C244-4F83-B4DB-42769912B5BA}" = protocol=17 | dir=in | app=d:\spiele\assassins creed\assassinscreed_dx10.exe | 
"{0D35B68E-EC59-4C22-AD7B-A30333FBACF8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{105FFEB6-74D9-4253-A6E8-EC096D00EE03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2048FA3B-0DE8-4A49-9987-CBE83C1037DF}" = protocol=17 | dir=in | app=d:\spiele\assassins creed\assassinscreed_dx9.exe | 
"{25662DAB-CE08-4279-9178-892A834A3562}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{25AF42C1-0AE1-426F-A5CA-8F6637BABC36}" = protocol=17 | dir=in | app=d:\spiele\assassins creed\assassinscreed_launcher.exe | 
"{452350C2-0522-4B44-AB5D-0B5D4AF8AD4C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{4F4C0B94-ADEC-4AC2-BA99-A876B5FB82A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5E163527-D76A-4529-BC27-9474CF23F98D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79E947EB-ACC4-48EE-8E70-6CDA8CCEAEEF}" = protocol=6 | dir=in | app=d:\spiele\assassins creed\assassinscreed_dx10.exe | 
"{8C16C848-B55B-44C6-B30F-AA4581ABECBC}" = protocol=6 | dir=in | app=d:\spiele\fear\fear.exe | 
"{9CE55421-5557-466C-8455-848F03108B9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B87AC476-A12F-4791-B6F8-5FB8399BD9B6}" = protocol=6 | dir=in | app=d:\spiele\assassins creed\assassinscreed_launcher.exe | 
"{B94EAF15-BD9D-4C8E-A004-95C10E1CD8EB}" = protocol=6 | dir=in | app=d:\spiele\assassins creed\assassinscreed_dx9.exe | 
"{BA207B8B-3F60-4089-883F-42E98091CCEA}" = protocol=17 | dir=in | app=d:\spiele\wolkig mit aussicht auf fleischbällchen\wolkig mit aussicht auf fleischbällchen\jadeengine_final.exe | 
"{BAECE7B3-6389-4857-ABCF-E1F597617358}" = protocol=17 | dir=in | app=d:\spiele\fear\fear.exe | 
"{C9A2C6A5-5A58-47B6-B4A9-C9D06FB8F0B0}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{D88DFB0C-A278-41DD-BC7D-C55F62F04CCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{D9B572E9-452B-4917-B48D-8652376E6B01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0185CCA-8423-494E-8450-9E401E11B8B5}" = protocol=6 | dir=in | app=d:\spiele\fear\fearmp.exe | 
"{E1CA20F8-3AE0-4BB9-BB2C-2ABD9496E79F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{F04FB8FC-F1BD-4B04-8917-99E54A2B47BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F31FC6EA-87A1-4E17-97EB-204FFD089A7D}" = protocol=6 | dir=in | app=d:\spiele\wolkig mit aussicht auf fleischbällchen\wolkig mit aussicht auf fleischbällchen\jadeengine_final.exe | 
"TCP Query User{41D3558E-F81A-4280-B0C0-A7703F61C8B8}D:\server\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\server\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{5FBE3410-3754-4CA3-A615-A9BF0D2F73D9}D:\server\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\server\xampp\apache\bin\httpd.exe | 
"TCP Query User{8E7835CE-48EC-4807-8E2C-078C1D6FFB11}D:\stick\wosportable\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\stick\wosportable\mysql\bin\mysqld-nt.exe | 
"TCP Query User{9B0AD6B0-30DC-44D7-BED3-FE6CF7664E82}D:\stick\wosportable\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=d:\stick\wosportable\apache2\bin\httpd.exe | 
"TCP Query User{9DED243C-CB1A-4D8E-A783-69E44DAAB0E7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E1F32FE5-9F11-4CD3-813B-AFB5945716F1}D:\server\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\server\xampp\apache\bin\httpd.exe | 
"TCP Query User{E3FBA8E1-8741-442E-9E16-F89FD112DE86}D:\server\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\server\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{E40FCE82-4F33-4281-B8FA-4348AE719CD9}D:\autosearch2\phoner\phoner.exe" = protocol=6 | dir=in | app=d:\autosearch2\phoner\phoner.exe | 
"UDP Query User{0707539B-5E3C-48F6-B571-1C76BF622040}D:\server\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\server\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{09BA5595-4E98-47FF-ACED-5BD33A5FFDE6}D:\stick\wosportable\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=d:\stick\wosportable\apache2\bin\httpd.exe | 
"UDP Query User{42C7E197-A635-435A-B924-4E92D9EDD050}D:\autosearch2\phoner\phoner.exe" = protocol=17 | dir=in | app=d:\autosearch2\phoner\phoner.exe | 
"UDP Query User{610AAE60-00F0-4F26-B7B8-65E384567CB9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6AFF2CE4-43DC-43A2-8E01-1FCECFEB07F3}D:\stick\wosportable\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\stick\wosportable\mysql\bin\mysqld-nt.exe | 
"UDP Query User{94378459-2391-4A23-8C48-4CDB2C722D1F}D:\server\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\server\xampp\apache\bin\httpd.exe | 
"UDP Query User{A552CCA4-17A0-45DD-9F30-928800268311}D:\server\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\server\xampp\apache\bin\httpd.exe | 
"UDP Query User{E5EF82B5-EE0B-405C-BC4B-8D147AEDE441}D:\server\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\server\xampp\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{718E5F0B-485B-4617-A264-5BC573EE51C0}" = The Bat! Professional v4.0.26
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{855B0AD8-0EFD-4D8B-BB79-751784C1779F}" = Profiler3D Autodetektor DE
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9550BFE-CA73-4C24-8E20-4C72992375BE}" = WISO Angebot und Rechnung
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B76BE192-7AD9-4A02-90A8-E3DA068D2F00}" = Wolkig mit Aussicht auf Fleischbällchen(TM)
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}" = Clive Barker's Jericho
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ControlMK" = ControlMK 0.232
"DFHEXEditor 1.1_is1" = DF HEXEditor 1.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2:*Die neuen Abenteuer
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NAVIGON Fresh" = NAVIGON Fresh 3.0.1
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-glassfish-mod-3.0.0.28.20081022" = GlassFish v3 Prelude
"nbi-nb-base-6.5.0.0.200812050001" = NetBeans IDE 6.5
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"xampp" = XAMPP 1.7.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2010 21:26:49 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:49 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:50 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:50 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:51 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:51 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:54 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:26:55 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 21:28:14 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.08.2010 18:27:12 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e01da5, fehlerhaftes Modul fun_avcodec.dll, Version 0.0.0.0, Zeitstempel 0x4667643f,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000301a, Prozess-ID 0x13c, Anwendungsstartzeit
01cb3aaa16479932.
 
[ System Events ]
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 14:40:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2010 16:08:22 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.11.2010 16:08:53 | Computer Name = Christian-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.11.2010 22:03:07 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Firefox\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 23,65 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 74,92 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Firefox\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Firefox\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de"
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 20:54:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 20:54:13 | 000,000,000 | ---D | M]
 
[2008.12.15 00:27:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.11.02 21:18:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vuz5bnic.default\extensions
[2010.08.02 20:02:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vuz5bnic.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.15 07:36:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vuz5bnic.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.06.28 08:48:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vuz5bnic.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.09.12 03:02:33 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vuz5bnic.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.03.16 21:44:38 | 000,001,196 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\vuz5bnic.default\searchplugins\winamp-search.xml
[2010.01.15 22:03:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.09.16 19:12:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.16 19:12:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.16 19:12:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.16 19:12:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.16 19:12:17 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.12.16 00:06:57 | 000,001,241 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Photoshop\AdobeCS4Master\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Photoshop\AdobeCS4Master\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Quicktime-Player\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] D:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [defje] C:\Users\Christian\AppData\Roaming\defje.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\Wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\Wallpaper2.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.06.20 03:19:05 | 000,000,000 | ---D | M] - D:\Autobingooo -- [ NTFS ]
O32 - AutoRun File - [2010.03.09 00:24:26 | 000,000,000 | ---D | M] - D:\Autodetektor -- [ NTFS ]
O33 - MountPoints2\{4c01e140-0a68-11df-8e60-001377b21c6a}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{7051588e-ca34-11dd-b5ef-001377b21c6a}\Shell - "" = AutoRun
O33 - MountPoints2\{7051588e-ca34-11dd-b5ef-001377b21c6a}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.02 21:40:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2010.11.02 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.02 21:25:01 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.11.02 21:24:23 | 000,000,000 | ---D | C] -- C:\Windows\9EFA732347A048E28F7735DB5EED500A.TMP
[2010.10.29 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2010.10.29 12:54:55 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.29 12:54:55 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.27 04:20:28 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 04:20:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.27 04:20:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.14 06:00:16 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 05:59:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 05:59:30 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 05:59:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.14 05:59:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 05:59:27 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 05:59:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 05:59:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 05:59:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 05:59:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 05:59:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 05:59:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.14 05:59:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 05:59:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.14 05:59:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.14 05:59:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.14 05:59:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.14 05:59:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 05:59:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 05:59:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 05:59:25 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 05:59:25 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 05:59:24 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 05:59:23 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 05:59:22 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.07 20:20:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Buhl Data Service
[2010.10.07 20:19:20 | 004,082,688 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\qtintf70.dll
[2010.10.07 20:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2010.10.07 20:18:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Buhl Data Service
[2010.10.07 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Buhl Data Service
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.02 21:24:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.11.02 21:12:28 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.02 21:12:28 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.02 21:12:28 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.02 21:12:28 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.02 21:07:22 | 000,145,299 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.02 21:06:48 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.02 21:06:48 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.02 21:06:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.02 21:06:34 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.02 19:37:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.02 19:32:52 | 000,145,299 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.02 15:51:28 | 000,066,048 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.25 14:31:03 | 000,032,578 | ---- | M] () -- C:\Users\Christian\Desktop\BD-Player.JPG
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.15 02:22:37 | 002,304,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.07 20:19:39 | 000,000,534 | ---- | M] () -- C:\Users\Christian\Desktop\WISO Angebot & Rechnung.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.02 21:06:34 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.25 14:31:03 | 000,032,578 | ---- | C] () -- C:\Users\Christian\Desktop\BD-Player.JPG
[2010.10.07 20:19:39 | 000,000,534 | ---- | C] () -- C:\Users\Christian\Desktop\WISO Angebot & Rechnung.lnk
[2010.05.24 11:53:33 | 000,000,016 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\khiteb.dat
[2010.03.28 19:54:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.28 19:49:26 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.01.05 02:51:42 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.01.05 02:51:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.01.05 02:51:40 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.05 02:51:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.05 02:51:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.05 02:02:42 | 000,145,299 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.01.05 02:02:20 | 000,145,299 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.21 03:43:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.15 14:18:30 | 000,066,048 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 03:18:34 | 000,008,268 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2008.12.14 23:37:36 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.09.12 05:03:48 | 000,001,670 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.09.12 05:03:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.09.12 05:03:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.09.12 04:54:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.09.11 16:02:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.03.26 10:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.02.20 14:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.20 14:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
< End of report >
         
--- --- ---

Alt 03.11.2010, 15:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Zitat:
HiJackThis habe ich schon durchlaufen lassen und Malwarebytes auch, beides ohne erkennbare Logs.
Was heißt ohne erkennbare Logs? Die Tools erstellen immer Logs, also poste sie auch. V.a. das von Malwarebytes auch wenn nichts gefunden wurde.

Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
Und was soll das? Wieso soll Dein Rechner Adobe nicht erreichen können?
__________________

__________________

Alt 03.11.2010, 17:13   #3
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



Zitat:
Was heißt ohne erkennbare Logs? Die Tools erstellen immer Logs, also poste sie auch. V.a. das von Malwarebytes auch wenn nichts gefunden wurde.
Sorry, war die falsche Wortwahl. Ich meinte eigentlich, ohne für mich erkennbare Probleme.

Zitat:
Und was soll das? Wieso soll Dein Rechner Adobe nicht erreichen können?
Kann ich dir ehrlich gesagt nicht beantworten.

Nun werde ich dir aber die fehlenden Logs posten. Ich hoffe es hilft weiter.

HiJackThis:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:03, on 03.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Firefox\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Photoshop\AdobeCS4Master\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Photoshop\AdobeCS4Master\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime-Player\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [defje] "C:\Users\Christian\AppData\Roaming\defje.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtDetectSc - Option - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 8498 bytes
         
Und Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5026

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

03.11.2010 17:00:18
mbam-log-2010-11-03 (17-00-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162892
Laufzeit: 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 03.11.2010, 19:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Zitat:
Art des Suchlaufs: Quick-Scan
mach mal einen Vollscan mit Malwarebytes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.11.2010, 21:11   #5
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



So, habe jetzt den Vollscan durchlaufen lassen.

Laßt ihr eigentlich nur dir C:Partition durchscannen oder alle ?

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5026

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

03.11.2010 21:06:23
mbam-log-2010-11-03 (21-06-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 455572
Laufzeit: 1 Stunde(n), 17 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

__________________
__________________
Gruß, Christian

Alt 04.11.2010, 17:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [defje] C:\Users\Christian\AppData\Roaming\defje.exe File not found
O32 - AutoRun File - [2010.06.20 03:19:05 | 000,000,000 | ---D | M] - D:\Autobingooo -- [ NTFS ]
O32 - AutoRun File - [2010.03.09 00:24:26 | 000,000,000 | ---D | M] - D:\Autodetektor -- [ NTFS ]
O33 - MountPoints2\{4c01e140-0a68-11df-8e60-001377b21c6a}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{7051588e-ca34-11dd-b5ef-001377b21c6a}\Shell - "" = AutoRun
O33 - MountPoints2\{7051588e-ca34-11dd-b5ef-001377b21c6a}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
[2010.11.02 21:24:23 | 000,000,000 | ---D | C] -- C:\Windows\9EFA732347A048E28F7735DB5EED500A.TMP
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> Trojanerproblem

Alt 04.11.2010, 21:19   #7
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



Hallo Arne,

ich habe das Script jetzt ausgeführt und hier jetzt das entsprechende Logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\defje deleted successfully.
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c01e140-0a68-11df-8e60-001377b21c6a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c01e140-0a68-11df-8e60-001377b21c6a}\ not found.
File F:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7051588e-ca34-11dd-b5ef-001377b21c6a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7051588e-ca34-11dd-b5ef-001377b21c6a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7051588e-ca34-11dd-b5ef-001377b21c6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7051588e-ca34-11dd-b5ef-001377b21c6a}\ not found.
File F:\setup.exe not found.
C:\Windows\9EFA732347A048E28F7735DB5EED500A.TMP folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Christian
->Temp folder emptied: 388468082 bytes
->Temporary Internet Files folder emptied: 159940028 bytes
->Java cache emptied: 60508544 bytes
->FireFox cache emptied: 44855936 bytes
->Google Chrome cache emptied: 6982117 bytes
->Flash cache emptied: 2637093 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Spielen
->Temp folder emptied: 248919 bytes
->Temporary Internet Files folder emptied: 33636 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43216829 bytes
RecycleBin emptied: 44330655 bytes
 
Total Files Cleaned = 716,00 mb
 
 
OTL by OldTimer - Version 3.2.17.2 log created on 11042010_211227

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
__________________
__________________
Gruß, Christian

Alt 04.11.2010, 21:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.11.2010, 23:16   #9
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



Ich habe jetzt CCleaner nach Anleitung ausgeführt und anschließend ComboFix.

Hier nun das Ergebnis der Logdatei:

Code:
ATTFilter
ComboFix 10-11-03.04 - Christian 04.11.2010  23:02:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2106 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\Cofi.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-10-04 bis 2010-11-04  ))))))))))))))))))))))))))))))
.

2010-11-04 22:07 . 2010-11-04 22:07	--------	d-----w-	c:\users\Christian\AppData\Local\temp
2010-11-04 22:07 . 2010-11-04 22:07	--------	d-----w-	c:\users\Spielen\AppData\Local\temp
2010-11-04 22:07 . 2010-11-04 22:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-04 21:32 . 2010-11-04 21:32	--------	d-----w-	c:\program files\CCleaner
2010-11-04 00:46 . 2010-10-07 23:21	6146896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A516374E-7137-4CBB-8DCF-F25F74C3D1D3}\mpengine.dll
2010-11-03 15:44 . 2010-11-03 15:44	--------	d-----w-	c:\users\Christian\AppData\Roaming\HP
2010-11-03 15:43 . 2010-11-03 15:43	--------	d-----w-	c:\programdata\WEBREG
2010-11-03 15:42 . 2010-11-03 15:42	--------	d-----w-	c:\programdata\Hewlett-Packard
2010-11-03 15:42 . 2007-10-20 17:21	278016	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-11-03 15:38 . 2010-11-03 15:38	--------	d-----w-	c:\programdata\HP Product Assistant
2010-11-03 15:38 . 2010-11-03 15:38	--------	d-----w-	c:\program files\Hewlett-Packard
2010-11-03 15:38 . 2010-11-03 15:38	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2010-11-03 15:37 . 2010-11-03 15:37	--------	d-----w-	c:\program files\Common Files\HP
2010-11-03 15:34 . 2007-11-07 22:52	271704	----a-w-	c:\windows\system32\hpzids01.dll
2010-11-03 15:34 . 2007-10-20 17:25	117760	----a-w-	c:\windows\system32\hpzll5mu.dll
2010-11-03 15:34 . 2007-10-29 17:25	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2010-11-03 15:34 . 2007-10-29 17:11	729088	----a-w-	c:\windows\system32\hpowiax7.dll
2010-11-03 15:34 . 2007-10-29 17:11	303104	----a-w-	c:\windows\system32\hpovst15.dll
2010-11-03 15:34 . 2007-10-29 17:11	581632	----a-w-	c:\windows\system32\hpotscl6.dll
2010-11-03 15:33 . 2010-11-03 15:38	--------	d-----w-	c:\program files\HP
2010-11-03 15:31 . 2010-11-03 15:39	--------	d-----w-	c:\programdata\HP
2010-11-03 00:13 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 00:13 . 2010-11-03 00:13	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-03 00:13 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-02 20:40 . 2010-11-02 20:40	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2010-11-02 20:40 . 2010-11-02 20:40	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-02 20:25 . 2010-11-02 20:25	--------	d-----w-	c:\program files\Enigma Software Group
2010-10-29 11:59 . 2010-10-29 11:59	--------	d-----w-	c:\users\Christian\AppData\Roaming\Avira
2010-10-29 11:54 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-10-29 11:54 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-10-27 03:20 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-10-27 03:20 . 2010-08-26 16:33	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-10-27 03:20 . 2010-08-26 14:23	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-14 05:00 . 2010-09-13 13:56	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-10-14 05:00 . 2010-09-13 13:56	168960	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2010-10-07 19:20 . 2010-10-07 19:20	--------	d-----w-	c:\users\Christian\AppData\Roaming\Buhl Data Service
2010-10-07 19:19 . 2010-10-07 19:19	58696	----a-r-	c:\users\Christian\AppData\Roaming\Microsoft\Installer\{A9550BFE-CA73-4C24-8E20-4C72992375BE}\ARPPRODUCTICON.exe
2010-10-07 19:19 . 2010-10-07 19:19	341320	----a-r-	c:\users\Christian\AppData\Roaming\Microsoft\Installer\{A9550BFE-CA73-4C24-8E20-4C72992375BE}\NewShortcut6_DFAA5A5B71F14365BF3E62E5A4456CFF.exe
2010-10-07 19:19 . 2002-08-23 08:00	4082688	----a-w-	c:\windows\system32\qtintf70.dll
2010-10-07 19:18 . 2010-10-07 19:20	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2010-10-07 19:18 . 2010-10-07 19:19	--------	d-----w-	c:\program files\Common Files\Buhl Data Service
2010-10-07 19:17 . 2010-10-07 19:17	--------	d-----w-	c:\users\Christian\AppData\Local\Buhl Data Service

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 20:22 . 2009-04-14 22:10	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-04 20:22 . 2009-04-14 22:10	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-10-19 09:41 . 2009-10-12 01:16	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-10-27 03:20	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 03:20	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 03:20	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 03:20	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 02:38	128000	----a-w-	c:\windows\system32\spoolsv.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="d:\winamp\winampa.exe" [2010-01-13 37888]
"QuickTime Task"="d:\quicktime-player\QTTask.exe" [2010-03-17 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 798720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-11-04 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 12:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\vuz5bnic.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin2.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin3.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin4.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin5.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin6.dll
FF - plugin: d:\quicktime-player\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-04 23:07
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-11-04  23:08:25
ComboFix-quarantined-files.txt  2010-11-04 22:08

Vor Suchlauf: 7 Verzeichnis(se), 25.521.356.800 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 25.460.891.648 Bytes frei

- - End Of File - - F4EBDD5A0F6B66715FB085652E5338FD
         
__________________
__________________
Gruß, Christian

Alt 05.11.2010, 14:52   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.11.2010, 23:04   #11
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



Habe ich jetzt getan. Hier nun die 3 Logs.

Gmer:

Code:
ATTFilter
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-06 22:48:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 11.0
Running: 5f5hge5p.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8FC04340, 0x3EE687, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73AA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73AFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73AABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73A9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73AA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73A9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73AD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73AADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73A9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73A9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73A971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [73B2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73ACC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73A9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73A96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73A9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73AA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                          
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)      

---- EOF - GMER 1.0.15 ----
         
Osam:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:57:48 on 06.11.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"SupBackGroundTask.job" - ? - C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS4" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - D:\Quicktime-Player\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys  (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgldiuod" (kgldiuod) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{4EB37360-49E8-11D3-95B5-004033382980} "ALZip 5.0 Context Menu Shell Extension" - "ESTsoft" - C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll
{EBDF1F20-C829-11D1-8233-0020AF3E97A6} "ATS Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - D:\Photoshop\AdobeCS4Master\Adobe Contribute CS4\contributeieplugin.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - D:\Photoshop\AdobeCS4Master\Adobe Contribute CS4\contributeieplugin.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"web'n'walk Manager.lnk" - "T-Mobile" - C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe_ID0ENQBO" - "Adobe Systems Incorporated" - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task" - "Apple Inc." - "D:\Quicktime-Player\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - D:\Winamp\winampa.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzll5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpzll5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Version Cue CS4" (Adobe Version Cue CS4) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"GtDetectSc" (GtDetectSc) - "Option" - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Und MBRCheck:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:		Phoenix Technologies Ltd.
System Manufacturer:		SAMSUNG ELECTRONICS CO., LTD.
System Product Name:		R710
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 148):
  0x8243E000 \SystemRoot\system32\ntoskrnl.exe
  0x8240B000 \SystemRoot\system32\hal.dll
  0x8A404000 \SystemRoot\system32\kdcom.dll
  0x8A40B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8A47B000 \SystemRoot\system32\PSHED.dll
  0x8A48C000 \SystemRoot\system32\BOOTVID.dll
  0x8A494000 \SystemRoot\system32\CLFS.SYS
  0x8A4D5000 \SystemRoot\system32\CI.dll
  0x8A5B5000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8A631000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8A63E000 \SystemRoot\system32\drivers\acpi.sys
  0x8A684000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8A68D000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8A695000 \SystemRoot\system32\drivers\pci.sys
  0x8A6BC000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A6CB000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A6CE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A6D8000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A6E7000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A731000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A80C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A8DC000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
  0x8A924000 \SystemRoot\system32\drivers\atapi.sys
  0x8A92C000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A94A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A97C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A98C000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8A996000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AA07000 \SystemRoot\system32\drivers\ndis.sys
  0x8AB12000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AB3D000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AC0B000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ACF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AD10000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AE20000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AE59000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AE61000 \SystemRoot\System32\Drivers\mup.sys
  0x8AE70000 \SystemRoot\System32\drivers\ecache.sys
  0x8AE97000 \SystemRoot\system32\drivers\disk.sys
  0x8AEA8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8AEC9000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8AFAF000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AFBA000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8FC04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x90337000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x903D8000 \SystemRoot\System32\drivers\watchdog.sys
  0x903E4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8AB78000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x903EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8A741000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F406000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8F4C8000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8F514000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8F518000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F52B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F536000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F564000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F566000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F571000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F589000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F598000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F5C7000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F608000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F613000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F62A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F635000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F658000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F667000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F67B000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F690000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F6A0000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F6A2000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F6CC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F6D6000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F6E3000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F718000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90400000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x90600000 \SystemRoot\system32\drivers\portcls.sys
  0x9062D000 \SystemRoot\system32\drivers\drmk.sys
  0x90652000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x90660000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x90669000 \SystemRoot\System32\Drivers\Null.SYS
  0x90670000 \SystemRoot\System32\Drivers\Beep.SYS
  0x90677000 \SystemRoot\System32\drivers\vga.sys
  0x90683000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x906A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x906AD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x906BD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x906C4000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x906CC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x906E1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x906E9000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x906F1000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x906FC000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x9070A000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90713000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90729000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9073D000 \SystemRoot\system32\drivers\afd.sys
  0x90785000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9079C000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x907CE000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x907D7000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x907ED000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F729000 \SystemRoot\System32\Drivers\VMC302.sys
  0x8F765000 \SystemRoot\System32\Drivers\StarOpen.SYS
  0x8F76B000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F77E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F784000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F7C0000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F7CA000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8AFC3000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x907FB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8ABB6000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8F7E1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8AED2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x96870000 \SystemRoot\System32\win32k.sys
  0x8F7EE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8AFE6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96A90000 \SystemRoot\System32\TSDDD.dll
  0x96AB0000 \SystemRoot\System32\cdd.dll
  0x96AC0000 \SystemRoot\System32\ATMFD.DLL
  0x8ABDE000 \SystemRoot\system32\drivers\luafv.sys
  0x8A7CE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8F7F8000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
  0x9D004000 \SystemRoot\system32\drivers\spsys.sys
  0x9D0B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9D0C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9D0EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9D0F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9D10B000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D178000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D195000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D1AE000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D1C3000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9D1E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9D203000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9D23C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9D254000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9D27C000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9D2E2000 \SystemRoot\System32\Drivers\adfs.SYS
  0x9D2F3000 \SystemRoot\system32\drivers\peauth.sys
  0x9D3D1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9D3DB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9D3E7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x9D2CA000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x8A7E3000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x89001000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys
  0x77900000 \Windows\System32\ntdll.dll

Processes (total 79):
       0 System Idle Process
       4 System
     460 C:\Windows\System32\smss.exe
     588 csrss.exe
     640 C:\Windows\System32\wininit.exe
     656 csrss.exe
     688 C:\Windows\System32\services.exe
     728 C:\Windows\System32\lsass.exe
     736 C:\Windows\System32\lsm.exe
     872 C:\Windows\System32\svchost.exe
     944 C:\Windows\System32\nvvsvc.exe
     972 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\audiodg.exe
    1180 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\SLsvc.exe
    1240 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\winlogon.exe
    1420 C:\Windows\System32\svchost.exe
    1644 C:\Windows\System32\rundll32.exe
    1712 C:\Windows\System32\spoolsv.exe
    1784 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1812 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1832 C:\Windows\System32\svchost.exe
    1912 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1936 C:\Windows\System32\svchost.exe
     716 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2116 C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
    2132 C:\Windows\System32\svchost.exe
    2176 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2200 C:\Windows\System32\svchost.exe
    2236 C:\Windows\System32\svchost.exe
    2260 C:\Windows\System32\svchost.exe
    2300 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2328 C:\Windows\System32\svchost.exe
    2364 C:\Windows\System32\svchost.exe
    2448 C:\Windows\System32\SearchIndexer.exe
    2720 WUDFHost.exe
    3128 C:\Windows\System32\taskeng.exe
    3144 C:\Windows\System32\dwm.exe
    3204 C:\Windows\System32\taskeng.exe
    3212 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    3248 C:\Windows\explorer.exe
    3364 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    3404 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    3420 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    3644 C:\Program Files\Windows Defender\MSASCui.exe
    3648 C:\Windows\RtHDVCpl.exe
     340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     312 C:\Windows\System32\rundll32.exe
    2468 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3684 C:\Windows\System32\wpcumi.exe
    3672 C:\Program Files\Java\jre6\bin\jusched.exe
    2428 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    1484 D:\Winamp\winampa.exe
    1584 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    1596 C:\Program Files\Windows Sidebar\sidebar.exe
    1580 C:\Windows\ehome\ehtray.exe
    1620 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1608 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3124 C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
    4064 C:\Windows\ehome\ehmsas.exe
    3792 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3380 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3548 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2752 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3308 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     724 C:\Windows\System32\svchost.exe
    5152 C:\Windows\System32\SearchProtocolHost.exe
    4516 C:\Windows\System32\SearchFilterHost.exe
    3588 C:\Windows\System32\notepad.exe
    4596 C:\Windows\System32\dllhost.exe
     320 dllhost.exe
    2840 dllhost.exe
    2188 D:\Firefox\Downloads\Trojaner-Board\MBRCheck.exe
    2440 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-35ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: 

Done!
         
__________________
__________________
Gruß, Christian

Alt 06.11.2010, 23:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Sind noch andere Betriebssysteme außer Vista installiert?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.11.2010, 19:19   #13
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



Nein, auf dem Laptop ist nur Vista installiert.
__________________
__________________
Gruß, Christian

Alt 07.11.2010, 23:24   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojanerproblem - Standard

Trojanerproblem



Wenn Du eine ganz normale Vista-DVD hast, bitte von dieser booten und bei Punkt (3.) weitermachen, wenn nicht ab Punkt (1.) :


1.) Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

2.) Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

3.) Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.11.2010, 14:17   #15
crissbee
 
Trojanerproblem - Standard

Trojanerproblem



So, habe ich auch gemacht.
__________________
__________________
Gruß, Christian

Antwort

Themen zu Trojanerproblem
0 bytes, 32-bit, adobe after effects, analysis, antivir, avgntflt.sys, avira, bho, black, corp./icp, cs4/contributeieplugin.dll, desktop, enigma, error, excel, excel.exe, firefox, firefox.exe, flash player, google, home, home premium, iastor.sys, indesign, install.exe, location, logfile, microsoft office 2003, microsoft office word, mozilla, nt.dll, nvlddmkm.sys, office 2007, oldtimer, otl.exe, pixel, programdata, programm, realtek, registry, saver, sched.exe, searchplugins, security, senden, server, shell32.dll, software, staropen, start menu, studio, svchost.exe, t-mobile, third party, usb, verweise, virus gefunden, vista, wallpapers, windows, wiso



Ähnliche Themen: Trojanerproblem


  1. Trojanerproblem/*.vbs entdeckt
    Plagegeister aller Art und deren Bekämpfung - 28.04.2013 (21)
  2. GUV Trojanerproblem
    Log-Analyse und Auswertung - 23.02.2013 (10)
  3. Trojanerproblem
    Alles rund um Windows - 18.08.2012 (1)
  4. HiJackThis Log nach Trojanerproblem
    Log-Analyse und Auswertung - 03.01.2012 (11)
  5. Trojanerproblem
    Plagegeister aller Art und deren Bekämpfung - 03.10.2010 (28)
  6. Trojanerproblem
    Mülltonne - 17.05.2008 (0)
  7. Großes Trojanerproblem
    Log-Analyse und Auswertung - 11.05.2008 (30)
  8. Trojanerproblem HJT-Log
    Log-Analyse und Auswertung - 22.02.2008 (10)
  9. Trojanerproblem: TR/PWS.Sinowal.Gen
    Plagegeister aller Art und deren Bekämpfung - 12.11.2007 (2)
  10. Trojanerproblem
    Mülltonne - 12.11.2007 (0)
  11. Viren- oder Trojanerproblem?
    Log-Analyse und Auswertung - 02.08.2007 (10)
  12. Trojanerproblem
    Log-Analyse und Auswertung - 25.10.2006 (1)
  13. Trojanerproblem
    Plagegeister aller Art und deren Bekämpfung - 03.04.2006 (2)
  14. Trojanerproblem, bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 08.01.2006 (9)
  15. Massives Trojanerproblem und mehr
    Plagegeister aller Art und deren Bekämpfung - 15.09.2005 (9)
  16. fetzn trojanerproblem-needing help
    Plagegeister aller Art und deren Bekämpfung - 26.09.2004 (11)
  17. Grosses Trojanerproblem!!!!!!!!!!!!!
    Plagegeister aller Art und deren Bekämpfung - 05.07.2004 (2)

Zum Thema Trojanerproblem - Da ich neu hier bin sage ich erstmal ein freundliches Hallo an alle. Ich habe schon einiges über Google und eure SuFu probiert,aber bisher habe ich noch keine Lösung gefunden. - Trojanerproblem...
Archiv
Du betrachtest: Trojanerproblem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.