Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: FakeAlert!grb eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.05.2011, 20:14   #1
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Hallo,
ich benötige Eure Hilfe.
Habe mir vor 2 Tagen einen Trojaner eingefangen.
McAfee sagt:
"McAfee hat auf ihrem Computer eine Bedrohung (Trojaner) entdeckt und etfernt. Es sind keine weiteren Maßnahmen notwendig."
Unter "Details" steht:
FakeAlert!grb
C\ProgramData\33218296

Leider ist er nicht weg.
Folgende Symptome habe ich:
- Desktopsymbole weg
- Ordner angeblich leer
- Fehlermeldung von Windows Vista Recovery ständig am Desktop
- Festplatte angeblich beschädigt
- RAM Temperatur angeblich zu hoch etc.

Was ich bisher gemacht haber:
- Windows mit Sichern und Wiederherstellen um eine Woche zurückgesetzt, brachte keine Lösung


Hier das Malwarebytes Logfiles:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6618

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

19.05.2011 19:56:58
mbam-log-2011-05-19 (19-56-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161390
Laufzeit: 15 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\33218296.exe (Trojan.FakeAlert.Gen) -> 2720 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\blyadstvoeb (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\alex und ramona\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\33218296.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\blyadstvoeb\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.




Hier das OTL logfile:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.05.2011 20:00:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex und Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 75,42 Gb Free Space | 28,00% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 20,52 Gb Free Space | 71,60% Space Free | Partition Type: FAT32
Drive E: | 596,17 Gb Total Space | 292,30 Gb Free Space | 49,03% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-MD8822 | User Name: Alex und Ramona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex und Ramona\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex und Ramona\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\McAfee\SiteAdvisor\sahook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (LBeepKE) -- C:\Windows\System32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMOUKE.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.03.03 13:15:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.12 19:45:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.08 19:15:30 | 000,000,000 | ---D | M]
 
[2009.01.10 04:30:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex und Ramona\AppData\Roaming\mozilla\Extensions
[2010.01.13 01:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex und Ramona\AppData\Roaming\mozilla\Firefox\Profiles\167hx8in.default\extensions
[2011.02.22 01:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 00:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 17:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 00:09:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.25 14:04:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 01:18:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.03.03 13:15:52 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009.05.05 20:41:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.01.11 22:05:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.27 00:02:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.30 18:47:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.21 18:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.17 17:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.26 00:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 17:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 00:09:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.02.27 02:16:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.02.27 02:16:06 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.02.27 02:16:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.02.27 02:16:06 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.02.27 02:16:06 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20110512194549.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [fJhJIqofiBapKso] File not found
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kba.de ([www] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sachvip-argetp21.de ([www] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tuev-dekra.de ([sachvip-rili1] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tuev-dekra.de ([www] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tuev-sued.de ([as-info] https in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.197 213.191.74.19
O18 - Protocol\Handler\bw+0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {6E0C4909-2D5F-49A4-9E4E-41F09409F5F9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alex und Ramona\Pictures\Alex\Diverses\IMOT\HD_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex und Ramona\Pictures\Alex\Diverses\IMOT\HD_2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0228f194-efd2-11df-8366-0019db5bbb46}\Shell - "" = AutoRun
O33 - MountPoints2\{0228f194-efd2-11df-8366-0019db5bbb46}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\Shell\AutoRun\command - "" = K:\pstart.exe
O33 - MountPoints2\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\Shell\open\command - "" = K:\pstart.exe
O33 - MountPoints2\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{daf968c7-3944-11de-be22-0019db5bbb46}\Shell\AutoRun\command - "" = K:\pstart.exe
O33 - MountPoints2\{daf968c7-3944-11de-be22-0019db5bbb46}\Shell\open\command - "" = K:\pstart.exe
O33 - MountPoints2\{e8aae153-310f-11df-b84b-0019db5bbb46}\Shell\AutoRun\command - "" = pbudsara.exe
O33 - MountPoints2\{e8aae153-310f-11df-b84b-0019db5bbb46}\Shell\open\Command - "" = pbudsara.exe
O33 - MountPoints2\{efb1555f-37c4-11de-98b0-0019db5bbb46}\Shell\AutoRun\command - "" = K:\PStart.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.19 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.05.19 19:51:14 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.05.19 19:27:54 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Alex und Ramona\Desktop\OTL.exe
[2011.05.19 19:22:56 | 000,000,000 | -H-D | C] -- C:\Users\Alex und Ramona\AppData\Roaming\Malwarebytes
[2011.05.19 19:22:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.19 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.19 19:22:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.19 19:22:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.19 19:22:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.19 19:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.05.18 00:07:28 | 000,000,000 | -H-D | C] -- C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.13 11:26:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.12 19:21:51 | 000,000,000 | -H-D | C] -- C:\Users\Alex und Ramona\AppData\Local\WinZip
[2011.04.27 21:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.27 21:37:29 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.27 21:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.27 02:11:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 02:11:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 02:11:42 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.25 21:42:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.25 21:42:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.25 21:42:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.25 21:42:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.25 21:42:26 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.25 21:42:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.25 21:42:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.25 21:42:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.25 21:42:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.25 21:42:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.25 21:42:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.25 21:42:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.25 21:42:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.25 21:42:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.25 21:42:22 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.25 21:42:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.25 21:42:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.25 21:42:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.25 21:42:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.25 21:42:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.25 21:42:21 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.25 21:42:20 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.25 21:42:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.25 21:42:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.25 21:42:19 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.25 21:42:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.25 21:42:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.25 21:42:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.25 21:42:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.25 21:42:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.25 21:42:14 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.25 21:42:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.25 21:42:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.25 21:42:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.25 21:42:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.25 21:42:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.25 21:42:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.25 21:42:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.25 21:42:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.19 19:58:06 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\skwg.sys
[2011.05.19 19:27:58 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Alex und Ramona\Desktop\OTL.exe
[2011.05.19 19:22:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.19 19:13:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 19:13:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 19:13:21 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.19 19:13:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.19 19:13:11 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.19 19:07:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.18 18:45:23 | 000,665,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.18 18:45:23 | 000,627,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.18 18:45:23 | 000,141,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.18 18:45:23 | 000,116,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.18 00:26:10 | 000,000,016 | -H-- | M] () -- C:\ProgramData\~33218296
[2011.05.18 00:07:29 | 000,000,599 | -H-- | M] () -- C:\Users\Alex und Ramona\Desktop\Windows Vista Recovery.lnk
[2011.05.17 16:33:33 | 000,007,052 | -H-- | M] () -- C:\Users\Alex und Ramona\AppData\Local\d3d9caps.dat
[2011.05.13 11:26:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.27 21:40:04 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011.04.25 21:42:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.25 21:42:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.25 21:42:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.25 21:42:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.25 21:42:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.25 21:42:26 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.25 21:42:26 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.25 21:42:26 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.25 21:42:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.25 21:42:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.25 21:42:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.25 21:42:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.25 21:42:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.25 21:42:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.25 21:42:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.25 21:42:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.25 21:42:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.25 21:42:22 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.25 21:42:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.25 21:42:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.25 21:42:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.25 21:42:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.25 21:42:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.25 21:42:21 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.25 21:42:20 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.25 21:42:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.25 21:42:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.25 21:42:19 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.25 21:42:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.25 21:42:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.25 21:42:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.25 21:42:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.25 21:42:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.25 21:42:14 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.25 21:42:14 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.25 21:42:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.25 21:42:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.25 21:42:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.25 21:42:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.25 21:42:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.25 21:42:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.25 21:42:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
 
========== Files Created - No Company Name ==========
 
[2011.05.19 19:58:06 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\skwg.sys
[2011.05.19 19:22:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 00:07:29 | 000,000,599 | -H-- | C] () -- C:\Users\Alex und Ramona\Desktop\Windows Vista Recovery.lnk
[2011.05.18 00:07:29 | 000,000,016 | -H-- | C] () -- C:\ProgramData\~33218296
[2011.04.27 01:17:47 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2011.04.27 01:17:47 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.04.27 01:17:47 | 000,001,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011.04.27 01:17:47 | 000,001,161 | -H-- | C] () -- C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2011.04.25 21:42:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.05.31 11:33:54 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.24 14:01:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 14:01:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.02.17 23:10:14 | 000,000,116 | -H-- | C] () -- C:\Users\Alex und Ramona\AppData\Roaming\wklnhst.dat
[2009.01.18 21:02:33 | 000,000,188 | -H-- | C] () -- C:\Users\Alex und Ramona\AppData\Roaming\Default.PLS
[2009.01.09 23:28:57 | 000,118,784 | R--- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe
[2009.01.09 22:27:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.09 22:25:42 | 000,126,464 | -H-- | C] () -- C:\Users\Alex und Ramona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.09 15:56:41 | 000,007,052 | -H-- | C] () -- C:\Users\Alex und Ramona\AppData\Local\d3d9caps.dat
[2007.02.26 18:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 18:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 17:17:37 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 16:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 15:32:51 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.02.09 15:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,665,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,141,146 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,406,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,627,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,116,120 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 08:34:10 | 000,000,000 | -H-- | C] () -- C:\Windows\Buhl.ini
[2002.03.13 14:15:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
 
========== LOP Check ==========
 
[2010.05.31 11:42:39 | 000,000,000 | -H-D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\Buhl Data Service
[2011.01.04 21:19:45 | 000,000,000 | -H-D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\Canon
[2011.02.09 01:13:49 | 000,000,000 | -H-D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\MyPhoneExplorer
[2009.05.05 20:46:33 | 000,000,000 | -H-D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\OpenOffice.org
[2009.02.17 23:10:16 | 000,000,000 | -H-D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\Template
[2011.05.19 19:11:56 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
 
< End of report >
         
--- --- ---

Alt 19.05.2011, 20:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 20.05.2011, 06:40   #3
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Hallo Arne,
nach dem Malwarebytes Scan und anschließendem Neustart poppt die Fehlermeldung "critical system error" nicht mehr auf.
Desktop ist weiterhin schwarz, Ordner sind weiterhin angeblich leer.

Hier der vollständige Scan:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6619

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.05.2011 06:36:22
mbam-log-2011-05-20 (06-36-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 485786
Laufzeit: 4 Stunde(n), 14 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\users\alex und ramona\appdata\local\microsoft\windows\temporary internet files\content.ie5\5e31ak97\readme[1].exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
__________________

Alt 20.05.2011, 10:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [fJhJIqofiBapKso] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0228f194-efd2-11df-8366-0019db5bbb46}\Shell - "" = AutoRun
O33 - MountPoints2\{0228f194-efd2-11df-8366-0019db5bbb46}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\Shell\AutoRun\command - "" = K:\pstart.exe
O33 - MountPoints2\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\Shell\open\command - "" = K:\pstart.exe
O33 - MountPoints2\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{daf968c7-3944-11de-be22-0019db5bbb46}\Shell\AutoRun\command - "" = K:\pstart.exe
O33 - MountPoints2\{daf968c7-3944-11de-be22-0019db5bbb46}\Shell\open\command - "" = K:\pstart.exe
O33 - MountPoints2\{e8aae153-310f-11df-b84b-0019db5bbb46}\Shell\AutoRun\command - "" = pbudsara.exe
O33 - MountPoints2\{e8aae153-310f-11df-b84b-0019db5bbb46}\Shell\open\Command - "" = pbudsara.exe
O33 - MountPoints2\{efb1555f-37c4-11de-98b0-0019db5bbb46}\Shell\AutoRun\command - "" = K:\PStart.exe
[2011.05.18 00:26:10 | 000,000,016 | -H-- | M] () -- C:\ProgramData\~33218296
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.05.2011, 18:19   #5
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fJhJIqofiBapKso deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0228f194-efd2-11df-8366-0019db5bbb46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0228f194-efd2-11df-8366-0019db5bbb46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0228f194-efd2-11df-8366-0019db5bbb46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0228f194-efd2-11df-8366-0019db5bbb46}\ not found.
File K:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\ not found.
File K:\pstart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a8c3ed-3de3-11de-8980-0019db5bbb46}\ not found.
File K:\pstart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b45d55cb-de4f-11dd-b976-806e6f6e6963}\ not found.
File G:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf968c7-3944-11de-be22-0019db5bbb46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daf968c7-3944-11de-be22-0019db5bbb46}\ not found.
File K:\pstart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf968c7-3944-11de-be22-0019db5bbb46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daf968c7-3944-11de-be22-0019db5bbb46}\ not found.
File K:\pstart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8aae153-310f-11df-b84b-0019db5bbb46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8aae153-310f-11df-b84b-0019db5bbb46}\ not found.
File pbudsara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8aae153-310f-11df-b84b-0019db5bbb46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8aae153-310f-11df-b84b-0019db5bbb46}\ not found.
File pbudsara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efb1555f-37c4-11de-98b0-0019db5bbb46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efb1555f-37c4-11de-98b0-0019db5bbb46}\ not found.
File K:\PStart.exe not found.
C:\ProgramData\~33218296 moved successfully.
ADS C:\ProgramData\Temp:8FF81EB0 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_181804


Alt 20.05.2011, 22:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> FakeAlert!grb eingefangen

Alt 21.05.2011, 00:38   #7
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



2011/05/21 00:36:54.0122 5204 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 00:36:55.0911 5204 ================================================================================
2011/05/21 00:36:55.0911 5204 SystemInfo:
2011/05/21 00:36:55.0911 5204
2011/05/21 00:36:55.0911 5204 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/21 00:36:55.0911 5204 Product type: Workstation
2011/05/21 00:36:55.0911 5204 ComputerName: MEDION-MD8822
2011/05/21 00:36:55.0911 5204 UserName: Alex und Ramona
2011/05/21 00:36:55.0911 5204 Windows directory: C:\Windows
2011/05/21 00:36:55.0911 5204 System windows directory: C:\Windows
2011/05/21 00:36:55.0912 5204 Processor architecture: Intel x86
2011/05/21 00:36:55.0912 5204 Number of processors: 2
2011/05/21 00:36:55.0912 5204 Page size: 0x1000
2011/05/21 00:36:55.0912 5204 Boot type: Normal boot
2011/05/21 00:36:55.0912 5204 ================================================================================
2011/05/21 00:37:03.0431 5204 Initialize success
2011/05/21 00:37:07.0496 3068 ================================================================================
2011/05/21 00:37:07.0496 3068 Scan started
2011/05/21 00:37:07.0496 3068 Mode: Manual;
2011/05/21 00:37:07.0496 3068 ================================================================================
2011/05/21 00:37:10.0192 3068 3xHybrid (5abd10518dec48b4fa5ffc03b73402e5) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/05/21 00:37:11.0181 3068 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/21 00:37:11.0369 3068 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/21 00:37:11.0584 3068 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/21 00:37:11.0695 3068 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/21 00:37:11.0788 3068 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/21 00:37:12.0009 3068 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/21 00:37:12.0210 3068 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/21 00:37:12.0283 3068 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/21 00:37:12.0387 3068 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/21 00:37:12.0457 3068 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/21 00:37:12.0521 3068 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/21 00:37:12.0589 3068 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/21 00:37:12.0823 3068 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/21 00:37:13.0020 3068 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/21 00:37:13.0296 3068 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/21 00:37:13.0376 3068 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/21 00:37:13.0474 3068 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/21 00:37:13.0605 3068 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/21 00:37:13.0730 3068 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/21 00:37:13.0787 3068 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/21 00:37:13.0879 3068 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/21 00:37:13.0926 3068 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/21 00:37:13.0980 3068 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/21 00:37:14.0019 3068 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/21 00:37:14.0099 3068 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/21 00:37:14.0223 3068 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/21 00:37:14.0313 3068 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/21 00:37:14.0483 3068 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/05/21 00:37:14.0523 3068 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/21 00:37:14.0600 3068 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/21 00:37:14.0878 3068 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/21 00:37:14.0968 3068 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/21 00:37:15.0075 3068 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/21 00:37:15.0146 3068 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/21 00:37:15.0591 3068 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/21 00:37:15.0785 3068 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/21 00:37:15.0956 3068 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/21 00:37:16.0057 3068 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/21 00:37:16.0195 3068 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/21 00:37:16.0304 3068 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/21 00:37:16.0455 3068 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/21 00:37:16.0629 3068 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/21 00:37:16.0709 3068 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/21 00:37:16.0753 3068 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/21 00:37:16.0862 3068 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/05/21 00:37:16.0935 3068 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/21 00:37:17.0026 3068 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/21 00:37:17.0078 3068 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/21 00:37:17.0171 3068 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/21 00:37:17.0298 3068 fssfltr (574cea4d3510ec905c0163c42d305ba5) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/21 00:37:17.0653 3068 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/21 00:37:17.0717 3068 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/21 00:37:17.0821 3068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/21 00:37:18.0011 3068 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/05/21 00:37:18.0175 3068 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/05/21 00:37:18.0486 3068 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/21 00:37:18.0584 3068 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/21 00:37:18.0698 3068 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/21 00:37:18.0740 3068 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/21 00:37:18.0848 3068 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/21 00:37:18.0917 3068 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/21 00:37:19.0000 3068 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/21 00:37:19.0077 3068 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/21 00:37:19.0164 3068 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/21 00:37:19.0225 3068 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/21 00:37:19.0277 3068 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/21 00:37:19.0387 3068 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/21 00:37:19.0599 3068 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/21 00:37:19.0673 3068 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/21 00:37:19.0779 3068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/21 00:37:19.0878 3068 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/21 00:37:19.0966 3068 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/21 00:37:20.0080 3068 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/21 00:37:20.0166 3068 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/21 00:37:20.0251 3068 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/21 00:37:20.0319 3068 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/21 00:37:20.0383 3068 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/21 00:37:20.0457 3068 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
2011/05/21 00:37:20.0601 3068 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/21 00:37:20.0688 3068 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/21 00:37:20.0755 3068 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/21 00:37:20.0897 3068 L8042Kbd (e141ab3701ea166109212dca4b28ca2c) C:\Windows\system32\Drivers\L8042Kbd.sys
2011/05/21 00:37:21.0158 3068 LBeepKE (b28c741ae2912a079cf90041a9e5c0a4) C:\Windows\system32\Drivers\LBeepKE.sys
2011/05/21 00:37:21.0395 3068 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/21 00:37:21.0527 3068 LHidKe (dd40c03d85649205ec086722474c8a63) C:\Windows\system32\DRIVERS\LHidKE.Sys
2011/05/21 00:37:21.0647 3068 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/21 00:37:21.0732 3068 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/21 00:37:21.0922 3068 LMouKE (2ebd4c02d259944869630a912ec86bce) C:\Windows\system32\DRIVERS\LMouKE.Sys
2011/05/21 00:37:22.0039 3068 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/21 00:37:22.0110 3068 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/21 00:37:22.0168 3068 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/21 00:37:22.0218 3068 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/21 00:37:22.0289 3068 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/05/21 00:37:22.0557 3068 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/21 00:37:22.0635 3068 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/05/21 00:37:22.0948 3068 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/05/21 00:37:23.0160 3068 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/05/21 00:37:23.0256 3068 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/05/21 00:37:23.0410 3068 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/05/21 00:37:23.0555 3068 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/05/21 00:37:23.0708 3068 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/05/21 00:37:23.0892 3068 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2011/05/21 00:37:24.0089 3068 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2011/05/21 00:37:24.0259 3068 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/05/21 00:37:24.0471 3068 MOBKFilter (e896775837a8bce436348df460522394) C:\Windows\system32\DRIVERS\MOBK.sys
2011/05/21 00:37:24.0673 3068 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/21 00:37:24.0733 3068 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/21 00:37:24.0782 3068 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/21 00:37:24.0844 3068 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/21 00:37:24.0923 3068 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/21 00:37:24.0993 3068 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/21 00:37:25.0048 3068 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/21 00:37:25.0145 3068 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/21 00:37:25.0235 3068 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/21 00:37:25.0397 3068 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/21 00:37:25.0593 3068 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/21 00:37:25.0840 3068 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/21 00:37:26.0015 3068 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/21 00:37:26.0082 3068 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/21 00:37:26.0169 3068 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/21 00:37:26.0270 3068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/21 00:37:26.0392 3068 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/21 00:37:26.0465 3068 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/21 00:37:26.0536 3068 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/21 00:37:26.0618 3068 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/21 00:37:26.0713 3068 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/21 00:37:26.0757 3068 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/21 00:37:26.0865 3068 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/21 00:37:27.0016 3068 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/21 00:37:27.0283 3068 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/21 00:37:27.0430 3068 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/21 00:37:27.0516 3068 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/21 00:37:27.0615 3068 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/21 00:37:27.0686 3068 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/21 00:37:27.0790 3068 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/21 00:37:27.0850 3068 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/21 00:37:28.0019 3068 netr73 (91d44aa2a61006136da32118a179bf12) C:\Windows\system32\DRIVERS\netr73.sys
2011/05/21 00:37:28.0258 3068 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/21 00:37:28.0362 3068 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/21 00:37:28.0448 3068 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/21 00:37:28.0567 3068 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/21 00:37:28.0707 3068 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/21 00:37:28.0774 3068 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/21 00:37:29.0061 3068 nvlddmkm (68ba207655b6cd6bbdcb8917c8f241f5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/21 00:37:29.0591 3068 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/21 00:37:29.0663 3068 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/21 00:37:29.0752 3068 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/21 00:37:30.0092 3068 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/21 00:37:30.0180 3068 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/21 00:37:30.0248 3068 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/21 00:37:30.0294 3068 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/21 00:37:30.0404 3068 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/21 00:37:30.0468 3068 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/21 00:37:30.0552 3068 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/21 00:37:30.0631 3068 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/21 00:37:30.0844 3068 Ph3xIB32 (9f2f541c52cd7a452e235e885f7d95de) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
2011/05/21 00:37:31.0279 3068 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/21 00:37:31.0372 3068 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/21 00:37:31.0456 3068 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/21 00:37:31.0553 3068 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/21 00:37:31.0678 3068 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/21 00:37:31.0768 3068 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/21 00:37:31.0920 3068 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/21 00:37:32.0140 3068 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/21 00:37:32.0231 3068 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/21 00:37:32.0301 3068 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/21 00:37:32.0380 3068 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/21 00:37:32.0451 3068 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/21 00:37:32.0557 3068 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/21 00:37:32.0618 3068 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/21 00:37:32.0699 3068 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/21 00:37:32.0896 3068 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/21 00:37:33.0041 3068 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/21 00:37:33.0112 3068 s1029bus (69013a123a00b3042c260b0056df0152) C:\Windows\system32\DRIVERS\s1029bus.sys
2011/05/21 00:37:33.0319 3068 s1029mdfl (1565fc31f872963fe8af471123d8424c) C:\Windows\system32\DRIVERS\s1029mdfl.sys
2011/05/21 00:37:33.0469 3068 s1029mdm (d67a8042ecf6c983ac0e308b36603677) C:\Windows\system32\DRIVERS\s1029mdm.sys
2011/05/21 00:37:33.0609 3068 s1029mgmt (9ac56f06c1e13a963c82ebd067fdf274) C:\Windows\system32\DRIVERS\s1029mgmt.sys
2011/05/21 00:37:33.0787 3068 s1029nd5 (00c66c6baafb2747f15f94f15888c94a) C:\Windows\system32\DRIVERS\s1029nd5.sys
2011/05/21 00:37:33.0926 3068 s1029obex (6fc093aba554e45755dc2f3896b6c8d7) C:\Windows\system32\DRIVERS\s1029obex.sys
2011/05/21 00:37:34.0069 3068 s1029unic (9979b0e68815394665b2109b03d15fa1) C:\Windows\system32\DRIVERS\s1029unic.sys
2011/05/21 00:37:34.0247 3068 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/05/21 00:37:34.0437 3068 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/05/21 00:37:34.0650 3068 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/05/21 00:37:34.0774 3068 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
2011/05/21 00:37:34.0969 3068 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
2011/05/21 00:37:35.0113 3068 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
2011/05/21 00:37:35.0251 3068 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
2011/05/21 00:37:35.0472 3068 s816bus (8c156e6b568aa927eb5deadeb870bdd2) C:\Windows\system32\DRIVERS\s816bus.sys
2011/05/21 00:37:35.0693 3068 s816mdfl (d4ed429953a2b8b09c702805813a26c8) C:\Windows\system32\DRIVERS\s816mdfl.sys
2011/05/21 00:37:35.0843 3068 s816mdm (94306f371a6ff8b690bea81157111b3b) C:\Windows\system32\DRIVERS\s816mdm.sys
2011/05/21 00:37:35.0997 3068 s816mgmt (fafdd00abad1b6029bf7f4067764ab41) C:\Windows\system32\DRIVERS\s816mgmt.sys
2011/05/21 00:37:36.0163 3068 s816nd5 (fd0d1e39cb22558d79bff59b66a5874a) C:\Windows\system32\DRIVERS\s816nd5.sys
2011/05/21 00:37:36.0307 3068 s816obex (8eacd5e46764463e75f171d9bf305348) C:\Windows\system32\DRIVERS\s816obex.sys
2011/05/21 00:37:36.0497 3068 s816unic (e2090b041b935430abc8e184b7d6cd75) C:\Windows\system32\DRIVERS\s816unic.sys
2011/05/21 00:37:36.0662 3068 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/21 00:37:36.0829 3068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/21 00:37:36.0940 3068 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/21 00:37:37.0184 3068 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/21 00:37:37.0272 3068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/21 00:37:37.0364 3068 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/21 00:37:37.0441 3068 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/21 00:37:37.0511 3068 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/21 00:37:37.0591 3068 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/21 00:37:37.0683 3068 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/21 00:37:37.0766 3068 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/21 00:37:37.0892 3068 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/21 00:37:37.0984 3068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/21 00:37:38.0101 3068 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/21 00:37:38.0346 3068 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/21 00:37:38.0537 3068 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/21 00:37:38.0782 3068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/21 00:37:38.0898 3068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/21 00:37:38.0967 3068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/21 00:37:39.0063 3068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/21 00:37:39.0224 3068 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/21 00:37:39.0416 3068 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/21 00:37:39.0500 3068 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/21 00:37:39.0561 3068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/21 00:37:39.0697 3068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/21 00:37:39.0784 3068 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/21 00:37:39.0932 3068 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/21 00:37:40.0070 3068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/21 00:37:40.0146 3068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/21 00:37:40.0221 3068 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/21 00:37:40.0301 3068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/21 00:37:40.0373 3068 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/21 00:37:40.0458 3068 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/21 00:37:40.0527 3068 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/21 00:37:40.0648 3068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/21 00:37:40.0748 3068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/21 00:37:40.0859 3068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/21 00:37:40.0965 3068 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/21 00:37:41.0148 3068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/21 00:37:41.0210 3068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/21 00:37:41.0326 3068 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/21 00:37:41.0433 3068 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/21 00:37:41.0518 3068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/21 00:37:41.0585 3068 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/21 00:37:41.0702 3068 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/21 00:37:41.0769 3068 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/21 00:37:41.0835 3068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/21 00:37:41.0935 3068 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/21 00:37:42.0015 3068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/21 00:37:42.0098 3068 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/21 00:37:42.0141 3068 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/21 00:37:42.0230 3068 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/21 00:37:42.0294 3068 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\Windows\system32\DRIVERS\videX32.sys
2011/05/21 00:37:42.0597 3068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/21 00:37:42.0704 3068 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/21 00:37:42.0780 3068 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/21 00:37:42.0856 3068 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/21 00:37:42.0972 3068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/21 00:37:43.0042 3068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 00:37:43.0092 3068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 00:37:43.0193 3068 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/21 00:37:43.0280 3068 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/21 00:37:43.0526 3068 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/21 00:37:43.0670 3068 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/21 00:37:43.0753 3068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/21 00:37:43.0891 3068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/21 00:37:44.0020 3068 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
2011/05/21 00:37:44.0312 3068 xfilt (bec604cdc548a528ebd3d7aa1dd46a89) C:\Windows\system32\DRIVERS\xfilt.sys
2011/05/21 00:37:44.0477 3068 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/05/21 00:37:44.0609 3068 ================================================================================
2011/05/21 00:37:44.0609 3068 Scan finished
2011/05/21 00:37:44.0609 3068 ================================================================================

Alt 21.05.2011, 14:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.05.2011, 15:32   #9
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



ComboFix 11-05-19.01 - Alex und Ramona 21.05.2011 14:55:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1190 [GMT 2:00]
ausgeführt von:: C:\Users\Alex und Ramona\Desktop\cofi.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Sony Ericsson PC Software.ico
C:\Users\Alex und Ramona\GoToAssistDownloadHelper.exe


((((((((((((((((((((((( Dateien erstellt von 2011-04-21 bis 2011-05-21 ))))))))))))))))))))))))))))))


2011-05-21 13:14:31 . 2011-05-21 13:15:02 -------- d-----w- C:\Users\Alex und Ramona\AppData\Local\temp
2011-05-21 13:14:31 . 2011-05-21 13:14:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-20 16:18:04 . 2011-05-20 16:18:04 -------- d-----w- C:\_OTL
2011-05-19 17:51:14 . 2011-05-19 17:51:16 -------- d-----w- C:\Program Files\7-Zip
2011-05-19 17:22:56 . 2011-05-19 17:22:56 -------- d-----w- C:\Users\Alex und Ramona\AppData\Roaming\Malwarebytes
2011-05-19 17:22:45 . 2010-12-20 16:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-19 17:22:43 . 2011-05-19 17:22:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-19 17:22:40 . 2010-12-20 16:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-19 17:22:39 . 2011-05-19 17:22:49 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-13 09:26:03 . 2011-05-13 09:26:04 404640 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 17:21:51 . 2011-05-12 17:21:51 -------- d-----w- C:\Users\Alex und Ramona\AppData\Local\WinZip
2011-05-11 21:58:09 . 2011-04-07 12:01:52 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-04-28 09:17:17 . 2011-04-28 09:17:17 1186056 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 19:37:29 . 2011-04-27 19:37:29 -------- d-----w- C:\Program Files\iPod
2011-04-27 19:33:37 . 2011-04-27 19:33:39 -------- d-----w- C:\Program Files\Bonjour
2011-04-27 00:11:48 . 2011-03-03 15:40:13 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2011-04-27 00:11:48 . 2011-03-03 13:35:36 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:11:42 . 2011-03-12 21:55:52 876032 ----a-w- C:\Windows\system32\XpsPrint.dll
2011-04-25 18:36:29 . 2011-04-25 18:36:29 9310 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(13)\TEXTBOX.JS
.


(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-14 12:01:38 . 2010-04-13 17:41:16 9344 ----a-w- C:\Windows\system32\drivers\mfeclnk.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 95824 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 84488 ----a-w- C:\Windows\system32\drivers\mferkdet.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 64584 ----a-w- C:\Windows\system32\drivers\mfenlfk.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 56064 ----a-w- C:\Windows\system32\drivers\cfwids.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 387480 ----a-w- C:\Windows\system32\drivers\mfehidk.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 314088 ----a-w- C:\Windows\system32\drivers\mfefirek.sys
2011-04-14 12:01:38 . 2010-04-13 17:41:02 165032 ----a-w- C:\Windows\system32\drivers\mfewfpk.sys
2011-04-14 12:01:38 . 2009-01-09 14:21:45 52320 ----a-w- C:\Windows\system32\drivers\mfebopk.sys
2011-04-14 12:01:38 . 2009-01-09 14:21:45 153280 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys
2011-04-06 14:20:16 . 2011-04-06 14:20:16 91424 ----a-w- C:\Windows\system32\dnssd.dll
2011-04-06 14:20:16 . 2011-04-06 14:20:16 75040 ----a-w- C:\Windows\system32\jdns_sd.dll
2011-04-06 14:20:16 . 2011-04-06 14:20:16 197920 ----a-w- C:\Windows\system32\dnssdX.dll
2011-04-06 14:20:16 . 2011-04-06 14:20:16 107808 ----a-w- C:\Windows\system32\dns-sd.exe
2011-03-10 17:03:51 . 2011-04-13 19:35:50 1162240 ----a-w- C:\Windows\system32\mfc42u.dll
2011-03-10 17:03:51 . 2011-04-13 19:35:50 1136640 ----a-w- C:\Windows\system32\mfc42.dll
2011-03-03 15:42:03 . 2011-04-13 19:35:33 739328 ----a-w- C:\Windows\system32\inetcomm.dll
2011-03-03 15:40:07 . 2011-04-27 00:11:49 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 . 2011-04-27 00:11:49 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 . 2011-04-27 00:11:49 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 . 2011-04-27 00:11:49 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 . 2011-04-13 19:35:36 2041856 ----a-w- C:\Windows\system32\win32k.sys
2011-03-02 15:44:27 . 2011-04-13 19:35:41 86528 ----a-w- C:\Windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 . 2011-03-23 13:29:33 288768 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 . 2011-03-23 13:29:33 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2011-02-22 13:33:09 . 2011-03-23 13:29:33 797696 ----a-w- C:\Windows\system32\FntCache.dll
2011-02-22 13:24:10 . 2011-04-13 19:35:56 213504 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02 . 2011-04-13 19:35:55 79360 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59 . 2011-04-13 19:35:55 106496 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55 . 2011-04-13 19:35:55 69632 ----a-w- C:\Windows\system32\drivers\bowser.sys
2009-07-14 00:16:26 . 2009-07-14 00:16:26 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16:26 . 2009-07-14 00:16:26 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 12:01:38 . 2010-04-13 17:41:16 24376 ----a-w- C:\Program Files\mozilla firefox\components\Scriptff.dll


(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 18:11:16 2872120 ----a-w- C:\Program Files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 18:11:16 2872120 ----a-w- C:\Program Files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 18:11:16 2872120 ----a-w- C:\Program Files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-09 21:28:55 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05:20 143360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVEService"="C:\Program Files\Home Cinema\TV Enhance\TVEService.exe" [2007-02-08 18:13:50 155648]
"TVBroadcast"="C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe" [2007-02-23 13:44:10 779776]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 14:54:28 16896]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 12:37:50 4186112]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2006-11-23 14:10:42 56928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 19:00:00 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 19:00:00 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 19:00:00 8530464]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40:44 155648]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-04-05 09:50:44 1195408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 02:12:38 76304]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2007-02-13 15:31:32 94212]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 18:52:00 140640]
"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 09:18:54 1185112]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 17:50:00 2516296]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-04-21 02:22:51 91432]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 10:48:18 58656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-04-14 09:32:28 421160]

C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-9 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-1-9 805392]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-30 15:51:36 136176]
R3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 17:43:40 1136600]
R3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2010-01-11 01:09:18 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-30 15:51:36 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2010-12-20 16:09:00 38224]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [2011-04-14 12:01:38 84488]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 12:34:56 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 12:34:56 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 12:34:56 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 12:34:54 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 12:34:54 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 12:34:54 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 12:35:00 116904]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 07:51:16 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 07:51:18 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 07:51:20 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 07:51:18 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 07:51:18 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 07:51:18 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 07:51:18 97704]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 11:16:28 753504]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 12:01:38 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [2011-04-14 12:01:38 165032]
S1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys [2010-04-13 18:10:22 54776]
S2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-05-24 23:53:06 3712]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 16:52:06 206112]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 08:14:44 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 08:14:44 271480]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 12:01:38 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 12:01:38 141792]
S2 MOBKbackup;1%;C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 18:11:14 229688]
S2 srvcPVR;Sceneo PVR Service;C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-02-23 10:17:50 1509888]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 18:14:26 299093]
S2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 18:14:26 127059]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [2011-04-14 12:01:38 56064]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [2011-04-14 12:01:38 314088]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 15:40:42 329728]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 09:43:28 1131136]
S3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 09:31:04 13976]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Inhalt des "geplante Tasks" Ordners

2011-05-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-30 15:51:55 . 2010-07-30 15:51:36]

2011-05-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-30 15:51:55 . 2010-07-30 15:51:36]


------- Zusätzlicher Suchlauf -------

uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4
Trusted Zone: kba.de\www
Trusted Zone: sachvip-argetp21.de\www
Trusted Zone: tuev-dekra.de\sachvip-rili1
Trusted Zone: tuev-dekra.de\www
Trusted Zone: tuev-sued.de\as-info
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - C:\Users\Alex und Ramona\AppData\Roaming\Mozilla\Firefox\Profiles\167hx8in.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files\McAfee\SiteAdvisor

Alt 21.05.2011, 17:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.05.2011, 18:03   #11
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Hallo Arne,

GMER stürzt ab.
OSAM kann ich nicht vollständig entpacken.
Es kommt die Meldung, dass die Datei osam.exe gesperrt ist und nicht entpackt werden kann.
Gleichzeitig meldet McAfee, dass ein Virus entdeckt wurde:

Artemis!678DB4A8L36D
Isoliert von C:\***\Desktop\osam.exe

Alt 21.05.2011, 19:07   #12
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Hallo Arne,
mir ist ein Fehler unterlaufen.
Zu Beginn des Threads habe ich den 2. Teil des OTL logfiles nicht gepostet.
Das ist mir jetzt erst aufgefallen.
Habe OTL gerade eben nochmal scannen lassen, hier die 2 logfiles:

OTL Teil 1:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.05.2011 18:43:35 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Alex und Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 78,51 Gb Free Space | 29,14% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 20,52 Gb Free Space | 71,60% Space Free | Partition Type: FAT32
Drive E: | 596,17 Gb Total Space | 292,30 Gb Free Space | 49,03% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-MD8822 | User Name: Alex und Ramona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex und Ramona\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex und Ramona\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\McAfee\SiteAdvisor\sahook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (LBeepKE) -- C:\Windows\System32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMOUKE.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.03.03 13:15:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.12 19:45:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.08 19:15:30 | 000,000,000 | ---D | M]
 
[2009.01.10 04:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex und Ramona\AppData\Roaming\mozilla\Extensions
[2010.01.13 01:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex und Ramona\AppData\Roaming\mozilla\Firefox\Profiles\167hx8in.default\extensions
[2011.02.22 01:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.26 00:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 17:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 00:09:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.25 14:04:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 01:18:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.03.03 13:15:52 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009.05.05 20:41:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.01.11 22:05:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.27 00:02:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.30 18:47:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.21 18:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.17 17:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.26 00:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 17:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 00:09:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.02.27 02:16:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.02.27 02:16:06 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.02.27 02:16:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.02.27 02:16:06 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.02.27 02:16:06 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.21 15:14:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20110512194549.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: kba.de ([www] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sachvip-argetp21.de ([www] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tuev-dekra.de ([sachvip-rili1] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tuev-dekra.de ([www] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tuev-sued.de ([as-info] https in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.196 213.191.74.18
O18 - Protocol\Handler\bw+0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {6E0C4909-2D5F-49A4-9E4E-41F09409F5F9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alex und Ramona\Pictures\Alex\Diverses\IMOT\HD_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex und Ramona\Pictures\Alex\Diverses\IMOT\HD_2.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.21 17:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.05.21 17:47:17 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2011.05.21 17:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.05.21 15:26:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.21 15:23:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.05.21 15:14:31 | 000,000,000 | ---D | C] -- C:\Users\Alex und Ramona\AppData\Local\temp
[2011.05.21 14:49:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.21 14:49:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.21 14:49:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.21 14:49:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.21 14:49:48 | 000,000,000 | ---D | C] -- C:\cofi
[2011.05.21 14:48:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.21 14:48:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.20 18:33:10 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex und Ramona\Desktop\tdsskiller.exe
[2011.05.20 18:18:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.20 18:15:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex und Ramona\Desktop\OTL.exe
[2011.05.19 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.05.19 19:51:14 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.05.19 19:22:56 | 000,000,000 | ---D | C] -- C:\Users\Alex und Ramona\AppData\Roaming\Malwarebytes
[2011.05.19 19:22:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.19 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.19 19:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.19 19:22:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.19 19:22:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.18 00:07:28 | 000,000,000 | ---D | C] -- C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.13 11:26:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.27 21:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.27 21:37:29 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.27 21:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.27 02:11:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 02:11:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 02:11:42 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.25 21:42:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.25 21:42:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.25 21:42:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.25 21:42:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.25 21:42:26 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.25 21:42:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.25 21:42:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.25 21:42:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.25 21:42:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.25 21:42:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.25 21:42:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.25 21:42:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.25 21:42:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.25 21:42:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.25 21:42:22 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.25 21:42:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.25 21:42:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.25 21:42:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.25 21:42:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.25 21:42:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.25 21:42:21 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.25 21:42:20 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.25 21:42:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.25 21:42:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.25 21:42:19 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.25 21:42:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.25 21:42:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.25 21:42:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.25 21:42:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.25 21:42:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.25 21:42:14 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.25 21:42:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.25 21:42:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.25 21:42:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.25 21:42:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.25 21:42:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.25 21:42:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.25 21:42:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.25 21:42:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.21 18:30:10 | 000,060,099 | ---- | M] () -- C:\Users\Alex und Ramona\Desktop\artemis.pdf
[2011.05.21 18:07:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.21 17:47:57 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011.05.21 17:47:57 | 000,001,792 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011.05.21 17:34:44 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.21 17:34:44 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.21 17:34:42 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.21 17:34:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.21 17:34:33 | 2143,821,824 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.21 17:23:37 | 231,610,061 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.21 15:47:16 | 000,000,892 | ---- | M] () -- C:\Users\Alex und Ramona\Desktop\MyPhoneExplorer - Verknüpfung.lnk
[2011.05.21 15:44:52 | 000,001,037 | ---- | M] () -- C:\Users\Alex und Ramona\Desktop\AcroRd32 - Verknüpfung.lnk
[2011.05.21 15:14:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.20 18:45:23 | 000,302,080 | ---- | M] () -- C:\Users\Alex und Ramona\Desktop\gy4hg8kw.exe
[2011.05.20 18:44:09 | 000,080,384 | ---- | M] () -- C:\Users\Alex und Ramona\Desktop\MBRCheck.exe
[2011.05.20 18:40:19 | 004,352,047 | R--- | M] () -- C:\Users\Alex und Ramona\Desktop\cofi.exe
[2011.05.20 18:36:31 | 000,606,104 | ---- | M] () -- C:\Users\Alex und Ramona\Desktop\unhide.exe
[2011.05.20 18:33:14 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex und Ramona\Desktop\tdsskiller.exe
[2011.05.20 18:15:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex und Ramona\Desktop\OTL.exe
[2011.05.19 19:22:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 18:45:23 | 000,665,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.18 18:45:23 | 000,627,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.18 18:45:23 | 000,141,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.18 18:45:23 | 000,116,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.17 16:33:33 | 000,007,052 | ---- | M] () -- C:\Users\Alex und Ramona\AppData\Local\d3d9caps.dat
[2011.05.13 11:26:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.27 21:40:04 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011.04.25 21:42:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.25 21:42:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.25 21:42:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.25 21:42:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.25 21:42:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.25 21:42:26 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.25 21:42:26 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.25 21:42:26 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.25 21:42:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.25 21:42:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.25 21:42:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.25 21:42:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.25 21:42:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.25 21:42:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.25 21:42:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.25 21:42:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.25 21:42:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.25 21:42:22 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.25 21:42:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.25 21:42:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.25 21:42:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.25 21:42:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.25 21:42:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.25 21:42:21 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.25 21:42:20 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.25 21:42:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.25 21:42:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.25 21:42:19 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.25 21:42:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.25 21:42:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.25 21:42:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.25 21:42:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.25 21:42:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.25 21:42:14 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.25 21:42:14 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.25 21:42:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.25 21:42:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.25 21:42:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.25 21:42:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.25 21:42:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.25 21:42:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.25 21:42:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
 
========== Files Created - No Company Name ==========
 
[2011.05.21 18:30:08 | 000,060,099 | ---- | C] () -- C:\Users\Alex und Ramona\Desktop\artemis.pdf
[2011.05.21 17:47:57 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011.05.21 17:47:57 | 000,001,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011.05.21 15:47:16 | 000,000,892 | ---- | C] () -- C:\Users\Alex und Ramona\Desktop\MyPhoneExplorer - Verknüpfung.lnk
[2011.05.21 15:44:52 | 000,001,037 | ---- | C] () -- C:\Users\Alex und Ramona\Desktop\AcroRd32 - Verknüpfung.lnk
[2011.05.21 15:23:39 | 231,610,061 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.21 14:49:58 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.21 14:49:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.21 14:49:58 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.21 14:49:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.21 14:49:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.20 18:45:22 | 000,302,080 | ---- | C] () -- C:\Users\Alex und Ramona\Desktop\gy4hg8kw.exe
[2011.05.20 18:44:06 | 000,080,384 | ---- | C] () -- C:\Users\Alex und Ramona\Desktop\MBRCheck.exe
[2011.05.20 18:40:18 | 004,352,047 | R--- | C] () -- C:\Users\Alex und Ramona\Desktop\cofi.exe
[2011.05.20 18:36:30 | 000,606,104 | ---- | C] () -- C:\Users\Alex und Ramona\Desktop\unhide.exe
[2011.05.19 19:22:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 01:17:47 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2011.04.27 01:17:47 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.04.27 01:17:47 | 000,001,161 | ---- | C] () -- C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2011.04.25 21:42:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.05.31 11:33:54 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.24 14:01:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 14:01:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.02.17 23:10:14 | 000,000,116 | ---- | C] () -- C:\Users\Alex und Ramona\AppData\Roaming\wklnhst.dat
[2009.01.18 21:02:33 | 000,000,188 | ---- | C] () -- C:\Users\Alex und Ramona\AppData\Roaming\Default.PLS
[2009.01.09 23:28:57 | 000,118,784 | R--- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe
[2009.01.09 22:27:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.09 22:25:42 | 000,126,464 | ---- | C] () -- C:\Users\Alex und Ramona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.09 15:56:41 | 000,007,052 | ---- | C] () -- C:\Users\Alex und Ramona\AppData\Local\d3d9caps.dat
[2007.02.26 18:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 18:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 17:17:37 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 16:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 15:32:51 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.02.09 15:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,665,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,141,146 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,406,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,627,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,116,120 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 08:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2002.03.13 14:15:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
 
========== LOP Check ==========
 
[2010.05.31 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\Buhl Data Service
[2011.01.04 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\Canon
[2011.02.09 01:13:49 | 000,000,000 | ---D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\MyPhoneExplorer
[2009.05.05 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\OpenOffice.org
[2009.02.17 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Alex und Ramona\AppData\Roaming\Template
[2011.05.21 17:33:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Teil 2 (Extras):OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.05.2011 18:43:35 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Alex und Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 78,51 Gb Free Space | 29,14% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 20,52 Gb Free Space | 71,60% Space Free | Partition Type: FAT32
Drive E: | 596,17 Gb Total Space | 292,30 Gb Free Space | 49,03% Space Free | Partition Type: NTFS
 
Computer Name: MEDION-MD8822 | User Name: Alex und Ramona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DCF97B-1FF0-43E1-AEAF-FBE41A391A79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18AA6342-CDD4-4C0E-A38A-E5C7E3217969}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{50998EC2-47BA-4E2E-B85F-AE7ED7A147A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5AB2C010-21B5-45C2-A123-B73F27B66E41}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8EED5FF5-7CF1-406B-A638-86707521A224}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D1FF88E-DDD8-4DAC-A074-48CB1A4D2D58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B07967FE-81EC-4F79-ABE1-1E90B500AD0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CED14E76-878E-4BBC-853C-A6CC0C22F0E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D187AB14-3D3C-49C9-B608-557E0756B505}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D8BB41A3-CEF3-4414-A95C-B21C745AE395}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F781325D-CF2E-44F9-91E9-FB41DAF493E8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FAB09BD7-C743-4AB2-91F8-162CAD1F2944}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A1470B-0081-4CEF-BB1A-91715529F713}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{0C77C5C1-FF6C-4565-A0C0-C41FE13878C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | 
"{220E6C77-9FE6-4995-B25A-0DAF74E0CCD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{27EEA086-99FC-4D4A-A1E2-872DEFA41D16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F886BC6-0744-4E5E-900D-E8F16DC37340}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4B0FD2ED-57E3-4B86-89B3-9A0948B1F127}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5E25B947-4C77-49A7-B191-79A8FC85EEFA}" = protocol=6 | dir=out | app=system | 
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{7E0D77C6-98CD-4B7A-8C7A-0DE219AD98FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0E423DE-FF07-48FB-85E0-73F36E1CCDCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B96FBB34-BAC7-45B8-AA6D-EAB1C8C10B42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDE34C9C-849D-48A9-A801-7F5B2DFA9B27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C323C801-3B7E-477C-9D6C-134076FE04F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E21ED7F0-967C-4E27-86B7-DF47E2FD89BD}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{E47017F1-42E3-4590-AF38-8C4954CADE42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E60777D5-6FAB-46E8-BD41-BC73C41C7270}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6B10283-692C-4D99-BE92-B242E33DA928}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{E7BDA2E3-0F6D-4D7E-A8CB-76F041266840}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F721F34A-AF78-4C74-930F-FBDF79F17D66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7835762-6E38-4DC1-9CEB-2DCF671A5E3E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{F8918F12-EE60-4A22-9B8F-CC12A7575C83}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FDA27CA7-4F98-4FDA-8474-4CAC38952C14}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{FEF642F9-4CF8-4B34-879C-67A7996E8B02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG6100 series Benutzerregistrierung" = Canon MG6100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GeoGebra" = GeoGebra
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"MSC" = McAfee Total Protection
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"Skype_is1" = eBay.de - Skype 3.0
"Update Service" = Update Service
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
"GeoGebra WebStart" = GeoGebra WebStart
"KOMMA" = KOMMA
"Magnet and Compass" = Magnet and Compass
"Magnets and Electromagnets" = Magnets and Electromagnets
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Wave Interference" = Wave Interference
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.09.2010 15:11:51 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:11:51 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:11:52 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:11:52 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:13:57 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:13:57 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:13:58 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.
 
Error - 02.09.2010 15:14:29 | Computer Name = MEDION-MD8822 | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6541.5000 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1140  Anfangszeit: 01cb4ad2ac5a9caa  Zeitpunkt
 der Beendigung: 13
 
Error - 03.09.2010 00:11:36 | Computer Name = MEDION-MD8822 | Source = VSS | ID = 8194
Description = 
 
Error - 03.09.2010 02:20:25 | Computer Name = MEDION-MD8822 | Source = VSS | ID = 8194
Description = 
 
[ Media Center Events ]
Error - 09.05.2011 05:16:58 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/09/2011 11:16:58
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 12.05.2011 15:10:15 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/12/2011 21:10:14
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.05.2011 19:55:11 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/14/2011 01:55:10
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 16.05.2011 06:24:44 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/16/2011 12:24:44
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.05.2011 18:50:17 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/18/2011 00:50:17
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.05.2011 18:50:19 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/18/2011 00:50:19
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 18.05.2011 12:19:53 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/18/2011 18:19:53
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 19.05.2011 13:15:45 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/19/2011 19:15:45
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 20.05.2011 12:08:01 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/20/2011 18:08:01
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 20.05.2011 12:25:24 | Computer Name = MEDION-MD8822 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/20/2011 18:25:24
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ OSession Events ]
Error - 25.10.2010 12:25:35 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.11.2010 15:56:35 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 159
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 26.11.2010 12:05:29 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2010 16:12:06 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 10:23:23 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.02.2011 05:26:11 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2011 15:46:03 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 998 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2011 15:46:14 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2011 08:52:01 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.05.2011 11:38:58 | Computer Name = MEDION-MD8822 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.05.2011 08:55:02 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 21.05.2011 09:05:19 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 21.05.2011 09:14:54 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 21.05.2011 09:23:46 | Computer Name = MEDION-MD8822 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.05.2011 um 15:21:21 unerwartet heruntergefahren.
 
Error - 21.05.2011 09:25:19 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.05.2011 11:12:38 | Computer Name = MEDION-MD8822 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.05.2011 um 17:10:36 unerwartet heruntergefahren.
 
Error - 21.05.2011 11:14:18 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.05.2011 11:23:44 | Computer Name = MEDION-MD8822 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.05.2011 um 17:21:28 unerwartet heruntergefahren.
 
Error - 21.05.2011 11:25:17 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.05.2011 11:36:23 | Computer Name = MEDION-MD8822 | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 23.05.2011, 09:26   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Zitat:
Gleichzeitig meldet McAfee, dass ein Virus entdeckt wurde:
McAfee vorher deaktivieren, das Teil macht immer einen Fehlalarm bei OSAM - OSAM ist aber keine Malware!
Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.05.2011, 22:55   #14
moitrich
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Hallo Arne,

hat leider nicht geklappt.
Zuerst habe ich nochmal gestern Abend GMER scannen lassen.
Hat sich nach 4 Stunden in der Nacht aufgehängt, Systemzeit heute Morgen war auf 01:30.
GMER heute Nachmittag nochmal scannen lassen, nach 6 Stunden wieder aufgehängt.
OSAM habe ich mit WinRAR entpackt, OSAM.exe ausgeführt, es startet ein Scan aber bevor dieser zu Ende war, hat sich das Programm geschlossen.
Zur Onlineabfrage kam es erst gar nicht.
Zu dem ist OSAM.exe aus dem Ordner verschwunden.
Habe die Zip-Datei mehrmals erneut entpackt, OSAM.exe ausgeführt aber immer das gleiche Spiel. (McAfee war immer deaktiviert)

Alex

Alt 24.05.2011, 23:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!grb eingefangen - Standard

FakeAlert!grb eingefangen



Dann McAfee vorher deinstallieren. Leider macht dieser Virenscanner öfter Probleme bei OSAM.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu FakeAlert!grb eingefangen
adobe, alternate, autorun, bho, bonjour, computer, defender, error, excel.exe, fehlermeldung, festplatte, firefox, format, home, iexplore.exe, install.exe, maßnahme, mozilla, nvlddmkm.sys, object, oldtimer, phishing, realtek, recycle.bin, registry, searchplugins, senden, siteadvisor, software, start menu, trojaner, usb, vista, vista recovery, windows



Ähnliche Themen: FakeAlert!grb eingefangen


  1. Problem mit Fakealert
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (12)
  2. Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert)
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (17)
  3. TR/Fakealert.grb.225 und TR/Alureon.FE.2
    Log-Analyse und Auswertung - 03.07.2012 (20)
  4. HTML/FakeAlert.AP
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (15)
  5. FakeAlert eingefangen - und jetzt
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (21)
  6. HTML/FakeAlert.AP
    Log-Analyse und Auswertung - 03.04.2012 (7)
  7. html FakeAlert AP
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (3)
  8. tr/fakealert.grb.440
    Log-Analyse und Auswertung - 19.02.2012 (2)
  9. Fakealert.tz eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2011 (29)
  10. FakeAlert!grb
    Log-Analyse und Auswertung - 29.10.2011 (8)
  11. FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    Plagegeister aller Art und deren Bekämpfung - 02.09.2011 (45)
  12. FakeAlert!grb eingefangen
    Log-Analyse und Auswertung - 06.08.2011 (11)
  13. FakeAlert!fakealert-REP virus
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (22)
  14. FakeAlert!grb - Problem
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (20)
  15. DR/FakeAlert.SE' [dropper] - Wer ist das?
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (17)
  16. R/Fakealert.QE aufm pc
    Plagegeister aller Art und deren Bekämpfung - 19.10.2008 (21)
  17. TR/Fakealert.AAF
    Mülltonne - 23.09.2008 (0)

Zum Thema FakeAlert!grb eingefangen - Hallo, ich benötige Eure Hilfe. Habe mir vor 2 Tagen einen Trojaner eingefangen. McAfee sagt: "McAfee hat auf ihrem Computer eine Bedrohung (Trojaner) entdeckt und etfernt. Es sind keine weiteren - FakeAlert!grb eingefangen...
Archiv
Du betrachtest: FakeAlert!grb eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.