Fix für Malware ziew.exe
 

Hallo allerseits,

ich brauche mal wieder eure Hilfe! Seit heute früh beschäftigt mich ein Trojaner, Virus oder was auch immer das ist.

CCleaner ist schon gelaufen, alles clean und alle Fehler behoben.

Malware hat einiges gefunden, aber alles in Quarantäne verschoben:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8046

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

30.10.2011 08:24:21
mbam-log-2011-10-30 (08-24-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156629
Laufzeit: 4 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AVF7W1E6WAMLNXP (Trojan.Spyeyes) -> Value: 4Y3Y0C3AVF7W1E6WAMLNXP -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\corina\AppData\Local\temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.
c:\Recycle.Bin\b6232f3aa43.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\f17ef6f4afa6b8b (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Avira hat einiges gefunden, auch alles verschoben:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 30. Oktober 2011 09:25

Es wird nach 3456272 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Abgesicherter Modus
Benutzername : corina
Computername : MYO-NOTEBOOK

Versionsinformationen:
BUILD.DAT : 12.0.0.855 41827 Bytes 12.10.2011 16:36:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 11.10.2011 12:59:38
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 11.10.2011 12:59:38
AVREG.DLL : 12.1.0.22 226512 Bytes 29.10.2011 20:08:06
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 12:59:54
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 12:59:54
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 12:59:54
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 12:59:54
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 12:59:54
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 12:59:54
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 12:59:54
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 13:35:57
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 20:07:53
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 20:07:54
VBASE018.VDF : 7.11.16.77 139264 Bytes 20.10.2011 20:07:54
VBASE019.VDF : 7.11.16.112 162816 Bytes 24.10.2011 20:07:55
VBASE020.VDF : 7.11.16.150 167424 Bytes 26.10.2011 20:07:55
VBASE021.VDF : 7.11.16.187 171520 Bytes 28.10.2011 20:07:56
VBASE022.VDF : 7.11.16.188 2048 Bytes 28.10.2011 20:07:56
VBASE023.VDF : 7.11.16.189 2048 Bytes 28.10.2011 20:07:56
VBASE024.VDF : 7.11.16.190 2048 Bytes 28.10.2011 20:07:56
VBASE025.VDF : 7.11.16.191 2048 Bytes 28.10.2011 20:07:56
VBASE026.VDF : 7.11.16.192 2048 Bytes 28.10.2011 20:07:56
VBASE027.VDF : 7.11.16.193 2048 Bytes 28.10.2011 20:07:56
VBASE028.VDF : 7.11.16.194 2048 Bytes 28.10.2011 20:07:56
VBASE029.VDF : 7.11.16.195 2048 Bytes 28.10.2011 20:07:57
VBASE030.VDF : 7.11.16.196 2048 Bytes 28.10.2011 20:07:57
VBASE031.VDF : 7.11.16.201 101376 Bytes 28.10.2011 20:07:59
Engineversion : 8.2.6.100
AEVDF.DLL : 8.1.2.2 106868 Bytes 29.10.2011 20:08:06
AESCRIPT.DLL : 8.1.3.84 467324 Bytes 29.10.2011 20:08:06
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 01.09.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.13.3 684407 Bytes 29.10.2011 20:08:05
AEOFFICE.DLL : 8.1.2.18 201084 Bytes 29.10.2011 20:08:04
AEHEUR.DLL : 8.1.2.186 3789177 Bytes 29.10.2011 20:08:04
AEHELP.DLL : 8.1.18.0 254327 Bytes 29.10.2011 20:08:00
AEGEN.DLL : 8.1.5.11 401781 Bytes 29.10.2011 20:08:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.24.0 196983 Bytes 29.10.2011 20:07:59
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 30. Oktober 2011 09:25

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3047' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\corina'
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\604dc30b-20da99e6
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\afb22cf-2e4bcb58
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2d9edcd3-39f16431
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-1c9fe43d
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\16ce36aa-2851938a
[0] Archivtyp: ZIP
--> report/Generator.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.CD
--> report/SmartyPointer.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EL
--> report/StorageSave.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\760580c7-3583d085
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
Beginne mit der Suche in 'C:\Windows'
Beginne mit der Suche in 'C:\Users\'
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\604dc30b-20da99e6
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\afb22cf-2e4bcb58
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2d9edcd3-39f16431
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-1c9fe43d
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\16ce36aa-2851938a
[0] Archivtyp: ZIP
--> report/Generator.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.CD
--> report/SmartyPointer.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EL
--> report/StorageSave.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\760580c7-3583d085
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
Beginne mit der Suche in 'C:\Program Files'

Beginne mit der Desinfektion:
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\760580c7-3583d085
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bf2b7ee.qua' verschoben!
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\16ce36aa-2851938a
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52a89849.qua' verschoben!
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-1c9fe43d
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00f7c296.qua' verschoben!
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2d9edcd3-39f16431
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '67368d55.qua' verschoben!
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\afb22cf-2e4bcb58
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Stutter.X
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '235ba06d.qua' verschoben!
C:\Users\corina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\604dc30b-20da99e6
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5dae9246.qua' verschoben!


Ende des Suchlaufs: Sonntag, 30. Oktober 2011 10:19
Benötigte Zeit: 53:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

21027 Verzeichnisse wurden überprüft
608789 Dateien wurden geprüft
16 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
6 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
608773 Dateien ohne Befall
4007 Archive wurden durchsucht
0 Warnungen
6 Hinweise

ESET Online Scanner:

C:\Users\corina\AppData\Local\temp\plugtmp-1\plugin-2ddfp.php JS/Exploit.Pdfka.PEV trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Spy.Zbot.ZR trojan

Hier die Logfiles:

HIjackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:41, on 30.10.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0309&m=easynote_mh36
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\corina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ziew.exe] C:\Users\corina\AppData\Roaming\Yxluuh\ziew.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\corina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\corina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 6520 bytes



und OTL:

OTL logfile created on: 30.10.2011 15:07:52 - Run 8
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\corina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 179,93 Gb Free Space | 63,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYO-NOTEBOOK
Current User Name: corina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\corina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Framework.NotificationCenter.exe (acer)
PRC - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe ()
PRC - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\corina\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ETService) -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\corina\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0309&m=easynote_mh36
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-750737402-67410550-764865697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "GMX Suche"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "hxxp://suche.gmx.net/search/?origin=tb_keyword_ff&su="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.10 21:28:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.23 21:39:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 17:56:50 | 000,000,000 | ---D | M]

[2009.07.06 12:58:17 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\mozilla\Extensions
[2011.10.14 17:53:54 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\mozilla\Firefox\Profiles\ergynj2a.default\extensions
[2010.07.20 17:56:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\corina\AppData\Roaming\mozilla\Firefox\Profiles\ergynj2a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.14 17:53:54 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\corina\AppData\Roaming\mozilla\Firefox\Profiles\ergynj2a.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.05.31 19:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\corina\AppData\Roaming\mozilla\Firefox\Profiles\ergynj2a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.14 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\mozilla\Firefox\Profiles\ergynj2a.default\extensions\engine@conduit.com
[2011.10.30 14:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.26 21:20:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.10.23 21:39:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.26 16:51:22 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.23 21:39:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.23 21:39:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.23 21:39:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.23 21:39:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.23 21:39:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.23 21:39:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.13 14:21:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-750737402-67410550-764865697-1000\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-750737402-67410550-764865697-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-750737402-67410550-764865697-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-750737402-67410550-764865697-1000..\Run: [ziew.exe] C:\Users\corina\AppData\Roaming\Yxluuh\ziew.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-750737402-67410550-764865697-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\corina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\corina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.196 213.191.74.18
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\corina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\corina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.30 14:38:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.10.30 12:38:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.10.30 12:38:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.30 12:38:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.30 12:38:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.10.30 12:38:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.30 12:38:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.10.30 12:38:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.10.30 12:38:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.10.30 12:38:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.10.30 12:38:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.10.30 12:38:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.10.30 12:38:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.10.30 12:38:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.30 12:38:41 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.10.30 12:38:41 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.30 12:38:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.30 12:38:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.10.30 12:38:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.10.30 12:38:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.30 12:38:41 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.10.30 12:38:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.30 12:38:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.30 12:38:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.30 12:38:40 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.30 12:38:40 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.10.30 12:38:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.10.30 12:38:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.10.30 12:38:39 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.30 12:38:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.10.30 12:38:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.10.30 12:38:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.10.30 12:38:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.10.30 12:38:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.30 12:38:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.10.30 12:38:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.10.30 12:38:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.10.30 12:38:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.30 12:38:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.10.30 12:38:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.10.30 12:37:36 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.10.30 12:37:36 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.10.30 12:37:36 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.10.30 12:37:36 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.10.30 12:37:36 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.10.30 12:37:36 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.10.30 12:37:35 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.10.30 12:37:32 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.10.30 12:37:32 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.10.30 12:37:32 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.10.30 12:37:32 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.10.30 12:37:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.10.30 12:37:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.10.30 12:37:31 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.10.30 12:37:31 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.10.30 12:37:31 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.10.30 12:37:31 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.10.30 12:37:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.10.30 12:37:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.10.30 12:37:30 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.10.30 12:37:30 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.10.30 12:37:30 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.10.30 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.10.30 12:37:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.10.30 12:37:29 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.10.30 11:43:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.10.30 11:43:51 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.10.30 11:43:50 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.10.30 11:43:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.10.30 11:42:54 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.30 11:42:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.30 11:42:43 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.10.30 11:42:43 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.10.30 11:42:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.10.30 11:42:16 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.30 11:42:09 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.10.30 11:42:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.10.30 11:42:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.10.30 11:42:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.30 11:42:01 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.30 11:42:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.30 11:42:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.30 07:58:42 | 000,000,000 | ---D | C] -- C:\serverg.Bin
[2011.10.29 21:06:29 | 000,000,000 | ---D | C] -- C:\Users\corina\AppData\Roaming\Avira
[2011.10.29 21:05:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.29 21:05:37 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.29 21:05:37 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.29 21:05:37 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.29 21:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.29 21:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.14 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\corina\AppData\Roaming\Yxluuh

========== Files - Modified Within 30 Days ==========

[2011.10.30 15:09:45 | 008,126,464 | -HS- | M] () -- C:\Users\corina\NTUSER.DAT
[2011.10.30 14:41:44 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.30 14:41:44 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.30 14:41:44 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.30 14:41:44 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.30 14:41:43 | 001,468,726 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.10.30 14:29:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.30 14:29:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.30 14:28:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.10.30 14:28:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.10.30 14:28:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.30 14:27:45 | 3117,314,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.30 14:26:05 | 000,524,288 | -HS- | M] () -- C:\Users\corina\NTUSER.DAT{95d851d8-467e-11e0-adc8-0017c46bd756}.TMContainer00000000000000000001.regtrans-ms
[2011.10.30 14:26:05 | 000,065,536 | -HS- | M] () -- C:\Users\corina\NTUSER.DAT{95d851d8-467e-11e0-adc8-0017c46bd756}.TM.blf
[2011.10.30 14:26:02 | 002,866,025 | -H-- | M] () -- C:\Users\corina\AppData\Local\IconCache.db
[2011.10.30 14:23:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-750737402-67410550-764865697-1000UA.job
[2011.10.30 12:38:57 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.10.30 12:38:57 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.10.30 12:38:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.10.30 12:38:45 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.30 12:38:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.30 12:38:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.10.30 12:38:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.30 12:38:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.10.30 12:38:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.10.30 12:38:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.10.30 12:38:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.10.30 12:38:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.10.30 12:38:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.10.30 12:38:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.10.30 12:38:41 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.30 12:38:41 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.10.30 12:38:41 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.30 12:38:41 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.30 12:38:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.10.30 12:38:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.10.30 12:38:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.30 12:38:41 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.10.30 12:38:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.10.30 12:38:41 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.30 12:38:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.30 12:38:40 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.30 12:38:40 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.30 12:38:40 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.10.30 12:38:40 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.10.30 12:38:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.10.30 12:38:39 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.30 12:38:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.10.30 12:38:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.10.30 12:38:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.10.30 12:38:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.10.30 12:38:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.30 12:38:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.10.30 12:38:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.10.30 12:38:39 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.10.30 12:38:39 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.30 12:38:39 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.10.30 12:38:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.10.30 12:37:36 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.10.30 12:37:36 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.10.30 12:37:36 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.10.30 12:37:36 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.10.30 12:37:36 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.10.30 12:37:36 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.10.30 12:37:35 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.10.30 12:37:32 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.10.30 12:37:32 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.10.30 12:37:32 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.10.30 12:37:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.10.30 12:37:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.10.30 12:37:31 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.10.30 12:37:31 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.10.30 12:37:31 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.10.30 12:37:31 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.10.30 12:37:31 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.10.30 12:37:31 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.10.30 12:37:31 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.10.30 12:37:30 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.10.30 12:37:30 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.10.30 12:37:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.10.30 12:37:30 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.10.30 12:37:30 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.10.30 12:37:29 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.10.30 12:36:00 | 000,001,522 | ---- | M] () -- C:\Users\corina\Documents\cc_20111030_123555.reg
[2011.10.30 12:23:50 | 000,330,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.29 21:05:54 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.29 20:45:50 | 000,000,736 | ---- | M] () -- C:\Users\corina\Documents\cc_20111029_214545.reg
[2011.10.29 18:29:37 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-750737402-67410550-764865697-1000Core.job
[2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.09 23:02:06 | 000,565,501 | ---- | M] () -- C:\Users\corina\Desktop\tüv.pdf
[2011.10.02 19:04:31 | 000,215,414 | ---- | M] () -- C:\Users\corina\AppData\Roaming\mdbu.bin

========== Files Created - No Company Name ==========

[2011.10.30 12:38:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.10.30 12:35:58 | 000,001,522 | ---- | C] () -- C:\Users\corina\Documents\cc_20111030_123555.reg
[2011.10.30 11:26:00 | 3117,314,048 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.29 21:05:54 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.29 20:45:47 | 000,000,736 | ---- | C] () -- C:\Users\corina\Documents\cc_20111029_214545.reg
[2011.10.09 21:03:29 | 000,565,501 | ---- | C] () -- C:\Users\corina\Desktop\tüv.pdf
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.17 09:02:55 | 000,000,121 | ---- | C] () -- C:\Windows\BHPrintHelper.INI
[2010.10.14 13:19:32 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.14 13:18:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.14 13:17:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.14 13:16:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.07.13 17:34:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.01 10:08:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.04 04:21:45 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.09 01:05:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.09 01:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2011.06.12 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Audacity
[2011.06.05 10:22:56 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\DVDVideoSoft
[2011.06.05 10:22:32 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.21 13:22:58 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\elsterformular
[2011.06.14 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\FreeFLVConverter
[2011.04.16 17:45:42 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Lexware
[2009.11.23 10:43:57 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\OpenOffice.org
[2009.05.30 23:04:47 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Packard Bell
[2011.08.21 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Samsung
[2011.01.19 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Spotify
[2009.07.05 14:46:08 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Template
[2011.10.30 12:40:50 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\uTorrent
[2011.10.14 16:49:31 | 000,000,000 | ---D | M] -- C:\Users\corina\AppData\Roaming\Yxluuh
[2011.10.30 14:26:47 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



OTL Extras:

OTL Extras logfile created on: 30.10.2011 15:07:52 - Run 8
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\corina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 179,93 Gb Free Space | 63,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYO-NOTEBOOK
Current User Name: corina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27A758CF-A062-4046-9004-328D2ECBEB11}" = rport=137 | protocol=17 | dir=out | app=system |
"{284BBE44-2157-4AB5-9BAE-E08E9C0A158C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D016BF5-4BAE-4BAB-A680-87255A721AAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{4A34A0F3-6FB1-4767-9854-A9D7AA019AFA}" = rport=138 | protocol=17 | dir=out | app=system |
"{5B075222-91AA-4827-9253-747777B2FF45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{811FBA15-F247-4D8F-A42C-A7C3D5557252}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{944BA16B-7576-47ED-A5A0-44B245820ECF}" = rport=139 | protocol=6 | dir=out | app=system |
"{9DC60C84-B2E6-4060-ADD5-2D9162EDF805}" = lport=445 | protocol=6 | dir=in | app=system |
"{D4544942-6B54-4D9C-8652-4C8BEA39A80E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D64A3BC2-788F-42AB-94F2-F3ABE0AC0227}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC71C001-E3F7-424A-A994-92E28F5A285B}" = lport=138 | protocol=17 | dir=in | app=system |
"{FCEBB98E-10D5-473D-A7A4-D1A51388D165}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F1718A4-1623-499B-BA35-0E4190986AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{237F50D6-2B82-4D82-BED6-51A21961F59E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3446D887-ABA6-410F-B5B2-05EE57F800C7}" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"{3670B0B9-333E-4E75-81BF-6AA04E30E580}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4683A320-8C27-4AA2-AA92-B46936015FF6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{55C57AA7-2225-427E-AF2C-BD5B3843B169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A536C3D-B589-4CB2-8E8B-9D23874E5482}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{6B433173-C049-4A2B-B898-A9B19BEA07B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6EE7FF55-F5D8-44CB-B59C-F1346C2D5900}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{72E69A89-2601-48AE-9164-EB08A50DFE89}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77619B8D-1C2E-4D9C-931F-E7B431909E69}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7A7185E9-CD4D-4066-9858-B733C4D32049}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4453181-710B-413F-8E4A-00438FD33423}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"{A8E01974-6C50-4F1D-B010-D96084C097CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AA0C1D23-A309-4956-9161-FD58BF6FD571}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA8837A5-21E2-46BB-9E0E-56C0881138FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B1CD29B1-C99B-4158-B366-6D6F5EC7921B}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{CC2D0907-374B-40B4-AC5B-A7BDA3E74D33}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{1F9BC9D2-917C-4368-AAE6-AFA35E9F44C6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{443569BA-59AE-4EE8-99B6-32C1EF28698A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{4ECA6F1C-15E0-4A98-8753-99C52AB14F1D}C:\program files\java\j2re1.4.2_02\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\j2re1.4.2_02\bin\java.exe |
"TCP Query User{F8502011-24EA-4047-9A27-17C2EF7B6652}C:\program files\java\j2re1.4.2_02\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\j2re1.4.2_02\bin\java.exe |
"UDP Query User{0B37119D-B4EC-4A6D-A76F-D407A53F4D44}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{BB4FB7AB-AAED-48E1-A0C8-50084B0157F0}C:\program files\java\j2re1.4.2_02\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\j2re1.4.2_02\bin\java.exe |
"UDP Query User{C57D15EB-83CC-4063-B76D-D7F0C4DBD738}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E56CD5C7-06E0-4C79-8B56-649884A7BF02}C:\program files\java\j2re1.4.2_02\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\j2re1.4.2_02\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"FKC22153088_is1" = fotokasten comfort
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.602
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.21.524
"Free YouTube Download_is1" = Free YouTube Download version 3.0.0.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Office2007" = Microsoft Office Home and Student
"RealPlayer 12.0" = RealPlayer
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOPSIM - General Management II Participant" = TOPSIM - General Management II Participant
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-750737402-67410550-764865697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 4.11.30_b1" = ActiveTrader 4.11.30_b1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.07.2011 13:27:42 | Computer Name = MYO-Notebook | Source = Windows Search Service | ID = 3013
Description =

Error - 16.07.2011 13:27:43 | Computer Name = MYO-Notebook | Source = Windows Search Service | ID = 3013
Description =

Error - 16.07.2011 13:27:43 | Computer Name = MYO-Notebook | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2011 07:19:30 | Computer Name = MYO-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06.08.2011 07:19:30 | Computer Name = MYO-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06.08.2011 07:20:26 | Computer Name = MYO-Notebook | Source = WinMgmt | ID = 10
Description =

Error - 21.08.2011 07:40:07 | Computer Name = MYO-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.08.2011 07:40:07 | Computer Name = MYO-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.08.2011 07:40:44 | Computer Name = MYO-Notebook | Source = WinMgmt | ID = 10
Description =

Error - 21.08.2011 10:41:40 | Computer Name = MYO-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pica.exe, Version 0.0.0.0, Zeitstempel 0x4e2006c2,
fehlerhaftes Modul QtCore4.dll, Version 4.7.2.0, Zeitstempel 0x4db68ca8, Ausnahmecode
0xc0000005, Fehleroffset 0x000cfc93, Prozess-ID 0x1584, Anwendungsstartzeit 01cc5ffd0af74521.

[ Media Center Events ]
Error - 20.10.2009 05:34:50 | Computer Name = MYO-Notebook | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

[ System Events ]
Error - 30.10.2011 03:32:47 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 30.10.2011 03:32:47 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 30.10.2011 03:32:47 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 30.10.2011 04:24:13 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 30.10.2011 04:43:06 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 30.10.2011 04:43:06 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 30.10.2011 06:27:44 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7000
Description =

Error - 30.10.2011 07:21:05 | Computer Name = MYO-Notebook | Source = DCOM | ID = 10010
Description =

Error - 30.10.2011 07:24:24 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7000
Description =

Error - 30.10.2011 09:29:27 | Computer Name = MYO-Notebook | Source = Service Control Manager | ID = 7000
Description =


< End of report >




Mich beunruhigt diese Datei ziew.exe, Hijackthis kann sie nicht fixen und andere finden sie nicht (Malware und Avira finden gar nichts mehr).

Vielleicht kann mir jemand den Fix für OTL sagen, damit kenne ich mich leider nicht aus...

Vielen vielen Dank und viele Grüße :)

Machst du Onlinebanking oder ähnliche kritische Dinge mit diesem PC unter dieser verseuchten Windows-Installation?

Isses so schlimm???

hier noch der Gmer Scan

GMER Logfile:
--- --- ---

Kannst du meine Frage nun beantworten oder nicht?

Sorry, wusste nicht dass sie ernst gemeint war. Ich dachte, das sollte ein sarkastischer Kommentar sein...
Hin und wieder mache ich Onlinebanking, ist aber schon länger her und unter diesen Umständen werde ich es wohl auch erst mal lassen!

Wieso? Hilft das der Problembehebung?

Bei Onlinebanking solltest du generell sehr vorsichtig sein und überlegen ob du den riskanten Kompromiss einer Bereinigung wirklich eingehen willst.
Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows und anschließend das Ändern sämtlicher Passwörter!

OK, also würdest du von einer Bereinigung abraten?

Ja, soll ich alles 2x schreiben? Steht doch eindeutig da, dass du bei SpyEyes unbedingt neu aufsetzen solltest, v.a. wenn du weiterhin sicher Onlinebanken willst.
Und hinterher alle Passwörter ändern.
Beachte ganz genau deine Kontobewegungen. Wenn du sicher gehen willst kannst du auch Onlinebanking erstmal sperren lassen, damit kein Unfug da betrieben wird.

Ok, sorry fürs Nachfragen, kenne mich halt nicht aus.

Trotzdem vielen Dank für deine Hilfe.

Ich hätte jetzt doch noch ein paar Fragen:

- Ich habe nun eine externe Festplatte, auf der ich alle Daten speichern will. Kann ich meine Daten ohne Probleme kopieren oder laufe ich dann Gefahr, dass ich irgendwo den Trojaner mitkopiere?

- Ich habe meine Passwörter von einem anderen Rechner geändert, damit sollte ich wieder sicher sein oder?

- Was muss ich tun um Windows neu aufzusetzen? Was muss ich beachten, z.b. welche windowsrelevanten Files muss ich auf die externe Platte kopieren?

Weiterhin tausend Dank für deine Hilfe, ihr seid echt super hier :)

100% Sicherheit gibt es nicht.
Beschränke dich auf persönliche Dateien, Musik, Bilder, Videos, Dokumente, etc aber KEINE Programme/Spiele/Setups oder Bestandteile davon.

Ja, wenn der sauber ist ist das ok
Folge dem Artikel zur Neuinstallation von Windows

Auf meinem Laptop gibt es das Packard Bell Recovery Management Programm.
Wenn ich damit das System auf Werksvorgabe zurücksetzen lasse, ist der Rechner dann so, wie ich ihn bekommen habe?
Dabei wird doch alles formatiert, dh. dann müsste der Rechner doch auch sauber sein, oder?

Ansonsten habe ich noch 3 CDs, auf denen aber nichts drauf steht. Sind das die Recovery CDs? Eine CD mit Vista und Lizenzschlüssel habe ich nämlich nicht..

Woher soll ich das wissen, wenn ich die Dinger noch nie gesehen geschweige denn in der Hand hatte? :confused:
Probiers aus. Einfach von der ersten CD booten.

Yo! Die Antwort hab ich mir fast gedacht :)

Jut, ich probiers..

Vielen Dank nochmal!