Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Vista Recovery Scam? (https://www.trojaner-board.de/99597-windows-vista-recovery-scam.html)

taobonn 26.05.2011 15:11
Windows Vista Recovery Scam?
 
Hallo,
Seid heute morgen fährt mein Windows Vista PC nur noch soweit hoch, bis ein Fenster mit Windows Vista Recovery erscheint und mir sagt, das meine Festplatte beschädigt ist und ich das "Advanced Recovery" kaufen muss, um das Problem zu beheben....
Ist das ein Fake? ein Trojaner?
Wie kann ich den entfernen?
Brauche dringend Hilfe, kann den Desktop nicht mehr benutzen....schreibe von einem anderen PC.
Bitte dringend um Hilfe und Erklärung was das vor sich geht.
Vielen Dank im Voraus.

markusg 26.05.2011 16:16
hi, versuch mal bei pc start in den abgesicherten modus mit netzwerk zu kommen, bei pc start meist mit f8
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

taobonn 27.05.2011 15:00
Vielen Dank für die Info.
Die Webseite zum download für OTL ist im Moment nicht erreichbar....

Es ist also ganz klar eine Malware bzw. Trojaner, den ich mir da gefangen habe und nach dem Lesen im Forum bin ich da auch nicht die Einzige, die damit im Moment Probleme hat.
Beim heutigen hochfahren, begrüsste mich eine schware Screen und mein AVIRA beklagte den Fund von: tKBeGFnootVpbn.exe, im Directory TR/DLdr.dapato.bm1
Beim erneuten Scan fand sich: TR/FakeAV.aiy
Needless to say, meine ganzen Dateien in allen Foldern sind versteck, können aber manuell sichtbar gemacht werden, was mir aber nicht weiterhilft. Komme an keine Programmfunktion....
Hilfe.....

markusg 27.05.2011 15:22
hi.
das mit dem nicht laufenden download ligt nicht an der malware.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

taobonn 27.05.2011 18:48
uff, habe es nun doch geschafft OTL runterzuladen und den Scan im infizierten PC laufen zu lassen, von dem ich auch gerade schreibe...

hier kommt der erste Report:OTL Logfile:
Code:
OTL logfile created on: 27.05.2011 18:35:31 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 47,70% Memory free
6,22 Gb Paging File | 4,65 Gb Available in Paging File | 74,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 15,95 Gb Free Space | 3,58% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
Drive F: | 1,89 Gb Total Space | 1,11 Gb Free Space | 58,76% Space Free | Partition Type: FAT32
 
Computer Name:  | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1203071659\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www.tao-yoga.com:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={DE5203E1-558B-5B65-C36D-C9C08CEED7EE}&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.14 13:40:52 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.25 12:28:03 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.25 12:27:56 | 000,000,000 | -H-D | M]
 
[2008.12.11 10:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renu\AppData\Roaming\mozilla\Extensions
[2011.05.22 15:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions
[2011.05.22 15:51:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.27 10:03:39 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.10 10:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2008.12.11 10:47:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.22 05:57:54 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 10:34:01 | 000,003,700 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.png
[2010.01.16 10:34:01 | 000,001,963 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml
[2009.12.22 05:57:54 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.11 08:12:24 | 000,430,929 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.1001-search.info
O1 - Hosts: 127.0.0.1        1001-search.info
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 127.0.0.1        123topsearch.com
O1 - Hosts: 127.0.0.1        www.132.com
O1 - Hosts: 127.0.0.1        132.com
O1 - Hosts: 127.0.0.1        www.136136.net
O1 - Hosts: 14843 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1203071659\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Renu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Renu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Version Cue CS2 - hkey= - key= - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( )
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {173B3665-EFCE-51D0-B242-E7B6558339A7} - Browser Customizations
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3689DA1F-AFB9-3BB1-2C79-040D649E52BC} - Viewpoint Media Player
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A7B5CF1-E2F4-C40E-6919-0FA6CBF5CAF8} - Viewpoint Media Player
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E53258BD-EE51-8EC4-E849-6712A52C24B9} -
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.26 08:25:54 | 000,000,000 | ---D | C] -- C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.23 06:59:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 06:59:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 06:59:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 06:59:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 06:59:49 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 06:59:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 06:59:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 06:59:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 06:59:48 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 06:59:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 06:59:48 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 06:59:48 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 06:59:48 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 06:59:48 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 06:59:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 06:59:48 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 06:59:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 06:59:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 06:59:48 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 06:59:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 06:59:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 06:59:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 06:59:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 06:59:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 06:59:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 06:59:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 06:59:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 06:59:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 06:59:46 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 06:59:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 06:59:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 06:59:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 06:59:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 06:59:46 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 06:59:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 06:59:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 06:59:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 06:59:46 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 06:59:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.22 16:38:13 | 000,000,000 | ---D | C] -- C:\Users\Renu\Documents\Magnet-therapie
[2011.05.20 07:55:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.20 07:54:55 | 000,000,000 | -H-D | C] -- C:\Programme\iPod
[2011.05.20 07:54:50 | 000,000,000 | -H-D | C] -- C:\Programme\iTunes
[2011.05.20 07:52:22 | 000,000,000 | -H-D | C] -- C:\Programme\Bonjour
[2011.05.19 20:59:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.19 20:59:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.19 20:59:24 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.27 18:30:17 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.05.27 18:25:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.27 18:25:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.27 18:21:00 | 000,001,096 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.27 14:51:43 | 000,001,092 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.27 14:44:00 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.05.27 14:43:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.27 14:43:36 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.26 16:12:52 | 000,052,224 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011.05.26 15:31:11 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~27778808r
[2011.05.26 15:31:11 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~27778808
[2011.05.26 09:07:40 | 000,196,608 | -H-- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.26 08:47:12 | 001,515,704 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.26 08:47:11 | 003,629,384 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.26 08:47:11 | 001,085,394 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.26 08:47:11 | 000,979,640 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.26 08:40:16 | 000,052,597 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.26 08:40:16 | 000,052,597 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.26 08:39:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.05.26 08:37:44 | 000,000,392 | -H-- | M] () -- C:\ProgramData\27778808
[2011.05.26 08:25:55 | 000,000,599 | ---- | M] () -- C:\Users\Renu\Desktop\Windows Vista Recovery.lnk
[2011.05.24 19:36:23 | 000,062,372 | ---- | M] () -- C:\Users\Renu\Documents\newsletter-5-11.smp
[2011.05.24 19:16:42 | 000,600,058 | ---- | M] () -- C:\Users\Renu\Documents\newsletter-5-11.smr
[2011.05.24 16:38:30 | 000,017,019 | ---- | M] () -- C:\Users\Renu\Documents\newsletter-5-11.bak
[2011.05.24 15:11:36 | 000,001,005 | ---- | M] () -- C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.05.24 12:21:25 | 000,000,069 | -H-- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.24 12:21:24 | 000,132,608 | ---- | M] () -- C:\Users\Renu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.23 07:52:39 | 000,074,461 | ---- | M] () -- C:\Users\Renu\Documents\NACHWEIS-2006-seite 1.pdf
[2011.05.23 07:52:35 | 000,246,081 | ---- | M] () -- C:\Users\Renu\Documents\Kursnachweis-german.pdf
[2011.05.23 06:59:56 | 000,008,798 | -H-- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 06:59:56 | 000,001,988 | -H-- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 06:59:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 06:59:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 06:59:49 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 06:59:49 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 06:59:49 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 06:59:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 06:59:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 06:59:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 06:59:48 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 06:59:48 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 06:59:48 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 06:59:48 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 06:59:48 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 06:59:48 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 06:59:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 06:59:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 06:59:48 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 06:59:48 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 06:59:48 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 06:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 06:59:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 06:59:47 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 06:59:47 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 06:59:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 06:59:47 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 06:59:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 06:59:47 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 06:59:47 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 06:59:47 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 06:59:46 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 06:59:46 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 06:59:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 06:59:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 06:59:46 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 06:59:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 06:59:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 06:59:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 06:59:46 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 06:59:46 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 06:59:46 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.30 17:14:39 | 000,000,454 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2011.04.30 17:14:39 | 000,000,052 | -H-- | M] () -- C:\Windows\brpp2ka.ini
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.26 15:31:11 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~27778808r
[2011.05.26 15:31:11 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~27778808
[2011.05.26 08:25:55 | 000,000,599 | ---- | C] () -- C:\Users\Renu\Desktop\Windows Vista Recovery.lnk
[2011.05.26 08:25:48 | 000,000,392 | -H-- | C] () -- C:\ProgramData\27778808
[2011.05.24 19:36:23 | 000,017,019 | ---- | C] () -- C:\Users\Renu\Documents\newsletter-5-11.bak
[2011.05.24 16:38:30 | 000,600,058 | ---- | C] () -- C:\Users\Renu\Documents\newsletter-5-11.smr
[2011.05.24 16:38:30 | 000,062,372 | ---- | C] () -- C:\Users\Renu\Documents\newsletter-5-11.smp
[2011.05.24 15:11:36 | 000,001,005 | ---- | C] () -- C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.05.23 07:51:12 | 000,074,461 | ---- | C] () -- C:\Users\Renu\Documents\NACHWEIS-2006-seite 1.pdf
[2011.05.23 07:45:38 | 000,246,081 | ---- | C] () -- C:\Users\Renu\Documents\Kursnachweis-german.pdf
[2011.05.23 06:59:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.22 20:26:11 | 000,055,777 | ---- | C] () -- C:\Users\Renu\Documents\PUBÉté2011.pdf
[2011.05.22 11:46:10 | 002,232,320 | ---- | C] () -- C:\Users\Renu\Documents\Poema_de_Victor_Hugo.pps
[2011.05.11 07:19:50 | 000,156,585 | ---- | C] () -- C:\Users\Renu\Documents\Poster-taoyoga-bonn.pdf
[2011.05.04 18:02:06 | 000,978,944 | ---- | C] () -- C:\Users\Renu\Documents\Namens-schild.indd
[2010.10.06 07:07:40 | 000,052,597 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010.10.06 07:04:24 | 000,052,597 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.27 13:47:40 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010.06.14 14:21:56 | 000,000,141 | ---- | C] () -- C:\Users\Renu\AppData\Roaming\default.rss
[2010.06.02 18:30:12 | 000,004,767 | -H-- | C] () -- C:\Windows\Irremote.ini
[2010.01.08 09:56:44 | 000,000,037 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2009.10.11 20:27:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.11 20:27:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.01 19:39:32 | 000,000,454 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2009.07.01 19:39:32 | 000,000,030 | -H-- | C] () -- C:\Windows\System32\brss01a.ini
[2009.07.01 18:29:13 | 000,000,146 | -H-- | C] () -- C:\Windows\BRVIDEO.INI
[2009.07.01 18:29:13 | 000,000,052 | -H-- | C] () -- C:\Windows\brpp2ka.ini
[2009.07.01 18:29:13 | 000,000,040 | -H-- | C] () -- C:\Windows\BRDIAG.INI
[2009.07.01 18:29:13 | 000,000,023 | -H-- | C] () -- C:\Windows\Brownie.ini
[2009.07.01 18:29:13 | 000,000,000 | -H-- | C] () -- C:\Windows\bw5150d.ini
[2009.07.01 18:29:13 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2009.07.01 18:29:12 | 000,077,824 | -H-- | C] () -- C:\Windows\System32\BROSNMP.DLL
[2009.07.01 18:29:12 | 000,026,624 | -H-- | C] () -- C:\Windows\System32\BRGSRC32.DLL
[2009.07.01 18:29:12 | 000,015,108 | -H-- | C] () -- C:\Windows\HL-5150D.INI
[2009.07.01 18:29:12 | 000,004,608 | -H-- | C] () -- C:\Windows\System32\BRGSRC16.DLL
[2009.01.10 11:15:56 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.12.28 12:30:18 | 000,004,096 | ---- | C] () -- C:\Users\Renu\AppData\Local\keyfile3.drm
[2008.11.28 11:15:50 | 011,206,656 | RH-- | C] () -- C:\Windows\System32\zhhp_res.dll
[2008.11.28 11:15:50 | 000,749,568 | RH-- | C] () -- C:\Windows\System32\agissi.dll
[2008.11.28 11:15:50 | 000,348,160 | RH-- | C] () -- C:\Windows\System32\zshp2600.exe
[2008.11.28 11:15:50 | 000,299,008 | RH-- | C] () -- C:\Windows\System32\zhhp2600.exe
[2008.11.19 17:02:43 | 000,037,888 | -H-- | C] () -- C:\Windows\System32\setupnt.dll
[2008.09.13 09:54:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.12 12:43:42 | 000,000,000 | ---- | C] () -- C:\Users\Renu\AppData\Roaming\Default.PLS
[2008.08.12 07:36:08 | 000,002,241 | -H-- | C] () -- C:\Windows\panose.bin
[2008.07.26 08:25:02 | 000,025,624 | -H-- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.05.26 11:24:14 | 000,039,095 | -H-- | C] () -- C:\Windows\Iccsigs.dat
[2008.05.26 11:24:14 | 000,000,156 | -H-- | C] () -- C:\Windows\KPCMS.INI
[2008.05.26 11:23:52 | 000,210,944 | -H-- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008.05.26 11:23:51 | 000,042,483 | -H-- | C] () -- C:\Windows\ICCCODES.DAT
[2008.02.22 11:28:36 | 000,000,175 | -H-- | C] () -- C:\Windows\homeDVD-Fotos3.INI
[2008.02.22 10:01:52 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll
[2008.02.22 10:01:44 | 000,019,968 | -H-- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008.02.22 09:58:27 | 000,000,186 | -H-- | C] () -- C:\Windows\magix.ini
[2008.02.21 09:16:38 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat
[2008.02.19 08:33:34 | 000,446,352 | -H-- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008.02.16 13:08:53 | 000,016,384 | -H-- | C] () -- C:\Windows\System32\FileOps.exe
[2008.02.15 12:34:12 | 000,000,335 | -H-- | C] () -- C:\Windows\nsreg.dat
[2008.02.15 09:52:05 | 000,132,608 | ---- | C] () -- C:\Users\Renu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.14 18:16:52 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI
[2008.02.14 15:43:13 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html
[2008.02.14 13:14:17 | 000,000,461 | -H-- | C] () -- C:\Windows\SUPERLEX.INI
[2008.02.14 12:23:46 | 000,000,092 | ---- | C] () -- C:\Users\Renu\AppData\Local\fusioncache.dat
[2008.02.14 12:07:33 | 000,003,636 | -H-- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.14 16:31:58 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.14 16:31:57 | 000,000,887 | -H-- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.14 14:02:18 | 000,000,381 | -H-- | C] () -- C:\Windows\WISO.INI
[2008.01.14 13:05:44 | 000,299,008 | -H-- | C] () -- C:\Windows\System32\midas.dll
[2008.01.14 13:05:44 | 000,120,320 | -H-- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.01.14 11:59:00 | 000,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.12.12 17:49:10 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.12 15:45:55 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2007.05.11 16:12:54 | 000,057,126 | -H-- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006.11.02 17:33:31 | 003,629,384 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 001,085,394 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,413,016 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,515,704 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,979,640 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2003.02.20 18:53:42 | 000,005,702 | -H-- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.11.06 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoft
[2010.08.27 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.01.03 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\GHISLER
[2008.08.22 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Leadertech
[2010.07.01 08:44:48 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\mresreg
[2008.02.20 11:35:51 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Opera
[2009.02.09 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Software4u
[2010.10.08 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\SuperMailer
[2011.05.27 14:42:34 | 000,032,558 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.27 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Adobe
[2008.02.15 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\AdobeUM
[2009.05.26 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\AOL
[2010.05.25 09:04:39 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Apple Computer
[2010.04.04 17:53:47 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Avira
[2009.07.05 09:03:16 | 000,000,000 | R--D | M] -- C:\Users\Renu\AppData\Roaming\Brother
[2010.08.27 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\CyberLink
[2010.11.06 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoft
[2010.08.27 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.01.03 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\GHISLER
[2008.06.03 08:01:37 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Google
[2008.02.14 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Identities
[2008.08.22 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Leadertech
[2010.02.20 18:42:15 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Media Center Programs
[2010.08.27 13:51:18 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Media Player Classic
[2008.12.26 12:44:30 | 000,000,000 | --SD | M] -- C:\Users\Renu\AppData\Roaming\Microsoft
[2008.12.11 10:47:39 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Mozilla
[2010.07.01 08:44:48 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\mresreg
[2010.06.09 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Nero
[2008.02.20 11:35:51 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Opera
[2010.02.01 11:31:13 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Real
[2011.05.25 08:31:11 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Skype
[2009.06.24 07:12:44 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\skypePM
[2009.02.09 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Software4u
[2010.10.08 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\SuperMailer
[2008.02.25 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Talkback
 
< %APPDATA%\*.exe /s >
[2008.04.01 15:04:46 | 012,458,408 | ---- | M] (Adobe Systems Inc                                          ) -- C:\Users\Renu\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcrobatUpd708_all_incr.exe
[2008.04.01 15:07:50 | 008,734,056 | ---- | M] (Adobe Systems Inc                                          ) -- C:\Users\Renu\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcrobatUpd709_all_incr.exe
[2010.02.01 11:31:17 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Renu\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.09.15 05:10:22 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Renu\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2011.01.27 13:14:23 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\\AppData\Roaming\Real\Update\setup3.13\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | -H-- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.16 09:29:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.16 09:29:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.16 09:29:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.16 09:29:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | -H-- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.03 15:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.03 15:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | -H-- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | -H-- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.31 12:23:20 | 000,115,744 | -H-- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.03.03 16:06:04 | 000,279,440 | -H-- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\System32\drivers\vsdatant.sys
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.23 06:59:48 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 06:59:48 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
--- --- ---

taobonn 27.05.2011 18:52
und hier kommt der zweite LogOTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.05.2011 18:35:31 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 47,70% Memory free
6,22 Gb Paging File | 4,65 Gb Available in Paging File | 74,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 15,95 Gb Free Space | 3,58% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
Drive F: | 1,89 Gb Total Space | 1,11 Gb Free Space | 58,76% Space Free | Partition Type: FAT32
 
Computer Name: | User Name:| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3092134922-1924448069-2960334642-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BACFA6-7566-4F39-93ED-43036992CF7F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{066EF2C6-466A-404F-96CB-ADA2439F81A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B0CA4FE-8230-4206-85BA-8769BE78C599}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{144FD7C8-1219-496C-B8C4-09CBBF32A868}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17DFA6D6-14EE-4A7C-8091-AD95A878C147}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{239394A7-B72E-44A1-A1BB-4C70EBDA656D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{2AFC0213-E1AC-414F-9C25-FE3AAF2E1A65}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{2B994366-DC4F-4049-B16A-016C64061FA0}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{2EF95972-5FDA-46DD-8C43-8FB4754D120D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{328629DD-29F2-4ACB-8DCA-0902C70943E4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{34E2EAB9-F061-4B38-A3DE-4D62E6581C58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38B76EB1-3A41-4862-BF31-AD35EBAF9257}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CE6CC7C-016C-4D12-AB6F-38815DDD8286}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{4B52AF89-9667-41B0-9937-6B615D4AEE19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{522F2D4E-37A5-4659-B5AE-0310C39DE637}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57C6E372-07C6-4E25-A547-24EF3ED2C869}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C6B0732-E901-4171-97E5-D1B4F026DDE6}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{5D4F9BFA-493C-47DE-9A1B-2ED2D7A67D4A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1203071659\ee\aolsoftware.exe |
"{63F86C92-B9EF-4F15-B147-8DBC3C714CDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{667020A2-B998-45D2-97B4-1B08D80809DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67AC8DCC-C60B-4769-B858-F9DADEC05FC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{707B101B-3D6B-4654-815C-17407FAD69A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7782A756-5764-4D52-ABA5-1BB0A3462FAD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1203071659\ee\aolsoftware.exe |
"{78C1FEDF-4280-4BF9-8A1E-D51D72147366}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C26AC9C-DE82-45E5-9AFE-BB152B69392F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C50C083-1C32-4D34-B0F2-9284F630D4BE}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{7FCF3FED-1E1C-4F68-B77A-05BD2A687FDC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{8269A126-3A17-48F4-825A-510CA275DFC2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8369E550-B263-48F6-9AE4-B1E5CA1B0CC7}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{944ACED2-B5DC-4035-A86A-4A1A2F5FB920}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A744951-A156-4F58-B85D-31037146BB7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3A1AD66-11E4-418C-B80F-FEF56E15DA19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6777EA8-8EB6-4825-A79F-88C332734379}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A74C2128-0FB5-48AE-8148-321717C6C8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B85D93A4-79F4-4902-AF47-2A96947E0545}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9BB4AB3-1E2A-491C-8871-A7320A7D7EA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCBB4C4C-9D31-4857-8FB0-54AC9CCCCFBF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CABC53B4-8414-40DD-8674-D3293E7D3CF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E28C52F0-A482-4B5D-8A93-E344DA8B3FB3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E446091E-5CCC-4352-A7F2-811C635B850D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB7457D8-3631-4C02-A88E-52C0077820C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0BA2FEA-896B-424B-8F43-E66194BD2615}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{F1EDE5A5-9B53-44BD-9C23-31C966FE298B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F5F1B2E2-C6E5-4EAA-8312-E8BC836D47AF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7abfed26-00b3-42c7-9098-3d33f7e4981e}" = Nero 9
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"678B5665-C9E7-4853-91C9-05A2FD16B179_is1" = Registry CleanUP 2007 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Brother HL-5150D" = Brother HL-5150D
"CCleaner" = CCleaner
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free Studio_is1" = Free Studio version 4.9.13
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LetsTrade" = LetsTrade Komponenten
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"MAGIX Fotos auf CD & DVD 3.0" = MAGIX Fotos auf CD & DVD 3.0
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NewsletterDesigner_is1" = NewsletterDesigner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ST6UNST #1" = I Ching V1.6
"SuperMailer" = SuperMailer 5.51
"Totalcmd" = Total Commander (Remove or Repair)
"TrueImage" = Acronis*TrueImage
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2009 05:25:41 | Computer Name =| Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00001652,  Prozess-ID 0x2630, Anwendungsstartzeit
 01ca669ec3e7abd8.
 
Error - 16.11.2009 05:25:44 | Computer Name = | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00001652,  Prozess-ID 0x2224, Anwendungsstartzeit
 01ca669ec5ddd688.
 
Error - 16.11.2009 05:25:47 | Computer Name =  | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00001652,  Prozess-ID 0x2754, Anwendungsstartzeit
 01ca669ec7b3cf08.
 
Error - 17.11.2009 02:12:35 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 17.11.2009 02:12:35 | Computer Name =  | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.11.2009 03:35:28 | Computer Name =  | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.11.2009 03:35:28 | Computer Name =  | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.11.2009 03:47:26 | Computer Name =  | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.11.2009 03:47:26 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.11.2009 05:11:51 | Computer Name =  | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18828 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1a04  Anfangszeit: 01ca682eaea7b3c4  Zeitpunkt
 der Beendigung: 7
 
[ System Events ]
Error - 27.05.2011 08:38:05 | Computer Name =  | Source = netbt | ID = 4321
Description = Der Name "      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.22  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2011 08:38:05 | Computer Name =  | Source = netbt | ID = 4321
Description = Der Name "      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.22  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2011 08:38:08 | Computer Name =  | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{748288BB-19A2-4DBA-8EEF-45748456F5C4} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 27.05.2011 08:38:08 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name "      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.22  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2011 08:38:11 | Computer Name =  | Source = Service Control Manager | ID = 7002
Description =
 
Error - 27.05.2011 08:43:44 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name "      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.22  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2011 08:43:44 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name "      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.22  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2011 08:43:47 | Computer Name =  | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{748288BB-19A2-4DBA-8EEF-45748456F5C4} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 27.05.2011 08:43:47 | Computer Name =  | Source = netbt | ID = 4321
Description = Der Name "        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.22  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.05.2011 08:43:50 | Computer Name = | Source = Service Control Manager | ID = 7002
Description =
 
 
< End of report >
--- --- ---

taobonn 27.05.2011 19:20
und hier noch der Log von Malware bytes.
Würde mich über weitere Hilfe, wie ich meinen PC wieder in seinen alten Zustand zurück versetzen kann sehr freuen.


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6694

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.05.2011 20:17:19
mbam-log-2011-05-27 (20-17-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157830
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg 27.05.2011 19:36
1. deinstaliere mal spybot, starte neu.
2. nutze jetzt combofix.

taobonn 27.05.2011 19:46
Übrigens hat "Windows Vista Recovery" sogar ein Icon auf meinem Desktop installiert und ist unter Programme zu finden.... mit einem "De-installier-Button" wie soll und kann ich das löschen?

taobonn 27.05.2011 19:58
Combofix!
was macht dieses Programm und wird mein Rechner dann von dem Trojaner befreit?
Bitte um kurze Erläuterung.....

taobonn 27.05.2011 20:31
Na toll, jetzt habe ich trotz meiner Zweifel dieses Combofix laufen lassen und jetzt funktioniert nix mehr auf meinem Rechner....
Die Programme sind zwar wieder da.....aber kein Programm startet mehr...
z.B. wenn ich den explorer öffnen will kommt: "es wurde versucht einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum löschen markiert wurde"

scheisse, was ist denn jetzt los....
ich schreibe im Moment wieder von einem anderen Rechner, weil beim infizierten nix mehr läuft.....bitte um Hilfe....

markusg 28.05.2011 11:30
ich warte auf combofix.
deine programme gehen nach neustart wieder.

taobonn 28.05.2011 15:25
Hallo Markusg...
wäre froh, wenn Du mir weiter helfen könntest....
gestern abend habe ich dann einfach alles ausgestellt und aufgegeben....
Jetzt wage ich mich wieder dran.

Die Programmleiste ist wieder da aber nicht vollständig. Meine Daten scheinen vollständig erhalten aber unter "Eigenen Dateinen" gibt es keine Einträge...
mehr habe ich noch nicht entdeckt...
Ich bin ziemlich verzweifelt und brauche den Rechner dringend...

markusg 28.05.2011 15:28
poste den inhalt von combofix.txt

taobonn 28.05.2011 15:45
bin im Moment an einem anderen Rechner....muss noch etwas arbeiten und bin später wieder zu Hause beim "infizierten Kerl"...Danke, dass Du Dich wieder mal gemeldet hast....

markusg 28.05.2011 16:01
bis nachher

taobonn 28.05.2011 17:36
Hier nun der ComboFix Log von gestern:

Combofix Logfile:
Code:
comboFix 11-05-26.05 - 27.05.2011  20:57:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1768 [GMT 2:00]
ausgeführt von:: c:\users\Renu\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\Tmp\removesgp0.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\system32\midas.dll
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-27 bis 2011-05-27  ))))))))))))))))))))))))))))))
.
.
2011-05-27 19:06 . 2011-05-27 19:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-27 18:51 . 2011-05-27 18:53        --------        d-----w-        C:\32788R22FWJFW
2011-05-27 18:10 . 2011-05-27 18:10        --------        d-----w-        c:\users\???k\AppData\Roaming\Malwarebytes
2011-05-27 18:10 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 18:10 . 2011-05-27 18:10        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-27 18:10 . 2011-05-27 18:17        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-27 18:10 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-26 07:15 . 2011-05-27 18:56        5930        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2011-05-25 05:06 . 2011-05-09 20:46        6962000        ---ha-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{48483BB3-FBC2-4F44-A17D-A105B2D5CDE5}\mpengine.dll
2011-05-20 05:54 . 2011-05-20 05:54        --------        d--h--w-        c:\program files\iPod
2011-05-20 05:54 . 2011-05-20 05:55        --------        d--h--w-        c:\program files\iTunes
2011-05-20 05:52 . 2011-05-20 05:52        --------        d--h--w-        c:\program files\Bonjour
2011-05-19 18:59 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-19 18:59 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-05-19 18:59 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-19 18:59 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:20 . 2011-04-06 14:20        91424        ---ha-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ---ha-w-        c:\windows\system32\dns-sd.exe
2011-03-20 16:52 . 2009-07-03 06:30        137656        ---ha-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-13 07:36        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 07:36        1136640        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-13 07:36        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-05-19 18:59        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-19 18:59        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-19 18:59        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-19 18:59        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-13 07:36        2041856        ----a-w-        c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-13 07:36        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll
2010-08-12 04:23 . 2010-05-25 07:06        119808        ---ha-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"HostManager"="c:\program files\Common Files\AOL\1203071659\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2005-09-24 05:30        483328        ---ha-w-        c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-06 15:53        856064        ---ha-w-        c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48        58656        ---ha-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-12 04:23        30192        ---ha-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22        421160        ---ha-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 15:11        565008        ---ha-w-        c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 15:15        2407184        ---ha-w-        c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ---ha-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ---ha-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11        25623336        ---ha-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-14 11:40        185896        ---ha-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 14:54        16896        ---ha-w-        c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2007-08-07 23:12        797696        ---ha-w-        c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c990d41b794105;Google Update Service (gupdate1c990d41b794105);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-12 30192]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-19 136360]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-14 09:32]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 07:42]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 07:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = ftp=www.tao-yoga.com:80
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Renu\AppData\Roaming\Mozilla\Firefox\Profiles\qyskswfc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={DE5203E1-558B-5B65-C36D-C9C08CEED7EE}&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{08927369-e6ec-4aba-8ce4-7c0b8d6dd27b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:080015af
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{510f447a-ab22-4c32-81e2-6b20dd5e1306}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0019db
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{6b4f5137-2c22-4e87-9132-4351d92a7fa2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001d92
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{748288bb-19a2-4dba-8eef-45748456f5c4}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d92
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{98ee453e-f1d7-4391-b3eb-00ea2e43b577}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0019db
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{bef5722d-b7ae-4c80-8407-c5b7dc5a3bf0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0015af
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{c9bb2be3-70d9-4c27-84b4-168378cda71e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d0015af
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{df36c9a0-1b13-4973-ae8f-5dac96bc2c39}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f166168d-1e0f-4250-aa39-ff8ce1083467}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0015af
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(11876)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\system32\brsvc01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-27  21:17:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-27 19:17
.
Vor Suchlauf: 1 Verzeichnis(se), 17.038.917.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 16.975.085.568 Bytes frei
.
- - End Of File - - 0E9F74BC124DC7B1BBD13C4DC851C802
--- --- ---

markusg 28.05.2011 18:13
lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar

taobonn 28.05.2011 18:52
unhide hat mein Startsystem nicht wieder sichtbar gemacht....

Bin ich den Trojaner jetzt eigenlich los oder reaktiviert der sich mit jedem Neustart? Muss ich noch etwas tun, um mich zu schützen?
Frage mich sowieso, wie der in mein System gekommen ist, da ich Firewall, Antivir und Windows im neusten Update habe...
Kann das nur beim surfen im Netz passieren?
Facebook? youtube?

markusg 28.05.2011 19:01
was meinst du mit du siehst dein start system nicht? desktop bild bitte manuell endern.firewalls bringen so gut wie nichts.
du hast doch auch andere programme, adobe flash etc, das muss alles aktuell sein. nicht nur windows.

taobonn 28.05.2011 19:12
Normalerweise sehe ich beim klich auf das Windows-Symbol unten rechts alle Programme mit denen ich gerade gearbeitet habe....

Nur wenn ich auf "alle Programme" klicke sehe ich sie und kann sie nutzen....
Es funktioniert aber es ist anders als vorher...
Im Explorer finde ich ganz viel Links, z.B. "Anwendungsdateien" oder "all users" wo dann ein Fenster aufgeht mit der Nachricht: kann nicht zugegriffen werden - zugriff verweigert.
Es wäre auch schön, wenn Du mir einfach kurz alle meine Fragen beantwortest.
Habe ich den Trojaner noch ja oder nein?

taobonn 28.05.2011 19:15
Was ist mit dem Programm Link auf meinem Desktop "Windows Vista Recovery" soll ich den einfach löschen?

markusg 30.05.2011 11:20
ja das wird wohl nicht mehr klappen, da dies in den temp ordner verschoben wurde und wir den gelöscht haben.
die verknüpfungen sind normal und waren schon immer da, nur versteckt.
die verknüpfungn löschen.

lade den CCleaner standard:
CCleaner - Standard
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

taobonn 30.05.2011 18:10
vielen Dank, dass Du Dich wieder gemeldet hast.
Nur schade, dass Du meine Fragen nicht wirklich beantwortest....

Hier die gewünschte Liste aus dem CC cleaner:

Free Studio version 4.9.13 DVDVideoSoft Limited. 05.11.2010 90,5MB notwendig
Google Desktop Google 12.08.2010 7,92MB 5.9.1005.12335 unnötig
Google Earth Google 19.09.2010 85,4MB 5.2.1.1588 notwendig
Google Toolbar for Internet Explorer Google Inc. 18.05.2011 12,0MB 7.0.1710.2246 notwendig
Google Updater Google Inc. 01.04.2009 3,59MB 2.4.1536.6592 unötig
I Ching V1.6 11.06.2008 1,05MB notwendig
IKEA Home Planner IKEA IT 06.08.2009 146,8MB 2.0.1 unnötig
iTunes Apple Inc. 19.05.2011 144,0MB 10.2.2.14 notwendig
Java(TM) 6 Update 4 Sun Microsystems, Inc. 13.01.2008 170,9MB 1.6.0.40 unbekannt, notwendig?
LetsTrade Komponenten 13.02.2008 19,6MB unbekannt
Logitech QuickCam Logitech Inc. 21.08.2008 26,3MB 11.80.1065 notwendig
Logitech QuickCam-Treiberpaket 21.08.2008 notwendig
Logitech Updater Ihr Firmenname 04.07.2009 1,30MB 1.70 notwendig
Macromedia Dreamweaver MX Macromedia 13.02.2008 120,9MB 6.0 notwendig
Macromedia Extension Manager Macromedia 13.02.2008 0,55MB 1.5 notwendig
MAGIX Fotos auf CD & DVD 3.0 MAGIX AG 21.02.2008 450,9MB unötig
MakeDisc CyberLink Corp. 13.02.2008 101,3MB 3.0.2203 unnötig
Malwarebytes' Anti-Malware Malwarebytes Corporation 26.05.2011 4,81MB immer noch notwendig?
MCE Software Encoder 1.1 CyberLink Corporation 13.02.2008 1,32MB 1.1.0.1918 unbekannt
MediaShow CyberLink Corporation 13.02.2008 33,1MB 3.0.4325 unbekannt
MEDION Fotos auf CD Sued MAGIX AG 13.01.2008 649,7MB 6.0.2.0 unnötig
MEDIONbox Medion 13.01.2008 27,0MB 1.09.0000.00050 unnötig
Microsoft .NET Framework 1.1 13.01.2008 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 21.08.2009 37,4MB unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 04.07.2009 37,4MB unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 120,3MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.06.2010 24,5MB 4.0.30319 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 11.12.2007 114,6MB 12.0.6215.1000 notwendig
Microsoft Office Professional Edition 2003 Microsoft Corporation 13.02.2008 248,3MB 11.0.5614.0 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.01.2008 2,38MB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.07.2009 0,58MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.03.2010 0,58MB 9.0.30729.4148 unbekannt
MobileMe Control Panel Apple Inc. 19.05.2011 12,0MB 3.1.6.0 notwendig
Mozilla Firefox (3.5.8) Mozilla 07.10.2010 27,4MB 3.5.8 (de) notwendig
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 12.12.2007 1,27MB 4.20.9848.0 unbekannt
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 08.01.2008 1,27MB 4.20.9849.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 unbekannt
Nero 8 Essentials Nero AG 13.01.2008 1.535,8MB 8.2.87 notwendig?
Nero 9 Nero AG 01.06.2010 1.215,8MB notwendig
NewsletterDesigner IN MEDIA KG 30.06.2010 9,71MB Aktuelle Version unnötig
NVIDIA Display Control Panel NVIDIA Corporation 05.10.2010 19,7MB 6.14.11.9745 notwendig
NVIDIA Drivers NVIDIA Corporation 05.10.2010 1.10.59.37 notwendig
PhotoNow! 1.0 CyberLink Corporation 13.02.2008 1,62MB 3.0.4310 unnötig
PowerDirector CyberLink Corp. 08.01.2008 232,8MB 6.5.2209a notwendig
PowerDVD CyberLink Corporation 13.02.2008 87,2MB 7.0.3118.0 notwendig
PowerProducer 13.02.2008 190,2MB notwendig
QuickTime Apple Inc. 24.12.2010 73,7MB 7.69.80.9 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.12.2007 15,6MB 6.0.1.5512 notwendig
Registry CleanUP 2007 1.5 S.A.D. GmbH - Ulm 13.02.2008 3,56MB 1.5 unbekannt
RTC Client API v1.2 Microsoft 14.02.2008 0,11MB 1.2.0000 unbekannt
Safari Apple Inc. 19.05.2011 41,3MB 5.33.21.1 notwendig
Sceneo AbsolutTV 13.02.2008 4,80MB unbekannt
Skype web features Skype Technologies S.A. 12.11.2009 5,05MB 1.0.3971 notwendig
Skype™ 4.1 Skype Technologies S.A. 12.11.2009 25,0MB 4.1.179 notwendig
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 11.12.2007 67,5MB 8.1.0 notwendig
SuperMailer 5.51 28.02.2011 19,2MB notwendig
Total Commander (Remove or Repair) 02.01.2009 3,43MB notwendig
TVsweeper 3 Sonavis 13.01.2008 16,1MB 3.0.3 unbekannt
Ulead PhotoImpact 12 Ulead System 13.02.2008 389,2MB 12.0 unbekannt
Uninstall 1.0.0.1 05.11.2010 65,2MB unbekannt
Viewpoint Media Player 14.02.2008 7,30MB unbekannt
WinRAR archiver 14.03.2008 2,64MB unbekannt
X10 Hardware(TM) 13.02.2008 28,00KB unbekannt
Yahoo! Toolbar mit Pop-Up-Blocker 02.01.2009 1,02MB unnötig
ZoneAlarm Check Point, Inc 26.03.2008 10,6MB 7.1.254.000 notwendig

markusg 30.05.2011 18:12
fängt deine liste wirklich mit f an, da fehlt doch sicher was.
ich werd dir schon bescheid sagen wenn der pc sauber ist.

taobonn 30.05.2011 18:29
uuups,
sorry, da war ich unaufmerksam...

3ivx MPEG-4 5.0.3 (remove only) 3ivx Technologies, Pty. Ltd. 21.12.2009 1,95MB 5.0.3 unnötig
Acronis*TrueImage Acronis 18.11.2008 17,1MB notwendig
Adobe Audition 1.5 Adobe Systems 14.03.2008 39,7MB 1.5 notwendig
Adobe Creative Suite 2 15.02.2008 2.430,4MB notwendig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 14.04.2011 10.2.153.1 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 15.01.2010 10.0.42.34 notwendig
Adobe PageMaker 7.0 Adobe Systems, Inc. 25.05.2008 174,2MB 7.0 notwendig
Adobe Reader 8.1.1 - Deutsch Adobe Systems Incorporated 11.12.2007 176,2MB 8.1.1 notwendig
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 17.08.2010 11.5.7.609 notwendig
Adobe SVG Viewer 3.0 Adobe Systems, Inc. 15.02.2008 4,32MB 3.0 notwendig
AOL Deinstallation 14.02.2008 notwendig
AOL Installations-Manager AOL Deutschland 14.02.2008 69,2MB 3.0.0.7 notwendig
Apple Application Support Apple Inc. 19.05.2011 51,0MB 1.5.1 notwendig
Apple Mobile Device Support Apple Inc. 03.03.2011 21,8MB 3.4.0.25 notwendig
Apple Software Update Apple Inc. 25.12.2009 2,16MB 2.1.1.116 notwendig
Avira AntiVir Personal - Free Antivirus Avira GmbH 18.05.2011 143,8MB 10.0.0.648 notwendig
Bonjour Apple Inc. 19.05.2011 0,77MB 2.0.5.0 notwendig
Brother HL-5150D 30.06.2009 4,54MB notwendig
CCleaner Piriform 11.06.2010 3,50MB 2.32 notwendig
Color LaserJet 2600n 27.11.2008 1,68MB notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 11.12.2007 135,9MB 12.0.6215.1000 notwendig
Firebird SQL Server - MAGIX Edition MAGIX AG 13.01.2008 6,57MB 2.0.1.8 notwendig
FlipShare Flip Video 13.06.2010 226,2MB 5.6.35.0 notwendig
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8 Xillvideo Software, Inc. 26.08.2010 5,30MB notwendig
Free Studio version 4.9.13 DVDVideoSoft Limited. 05.11.2010 90,5MB notwendig

markusg 30.05.2011 18:36
wenn das mit dem startmenü so stört, ist mir grad aufgefallen, du hast doch true image, hast du kein aktuelles system image? dann währen alle probleme gelöst.

taobonn 30.05.2011 19:54
leider nicht....:stirn:

markusg 30.05.2011 19:56
wofür hast dus dann drauf? sind denn programme unter alle programme zu finden?

taobonn 31.05.2011 09:32
gute Frage....bin einfach noch nicht dazu gekommen es zu benutzen...

anyway, wenn ich unter "alle Programme" klicke sind auch alle da...
nur das Fenster darüber bleibt nach wie vor leer....
kann ich aber mit leben, wenn Du mir sagst, dass der Trojaner wirklich weg ist....

markusg 31.05.2011 09:55
wir bearbeiten erst mal die programm liste, machen updates etc und dann sind wir bald durch.
deinstaliere:
3ivx

Adobe Reader 9
Adobe - Adobe Reader herunterladen - Alle Versionen
ohne mc affe instalieren (haken weg)
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus,
internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok

deinstaliere.
Google Desktop
Google Toolbar toolbarws sind ein sicherheitsrisiko, weg damit.
IKEA
Java(TM) 6 Update 4
Java SE Downloads
klicke hier auf download jre.
deinstaliere:
LetsTrade
MAGIX
MakeDisc
MEDION beide
Mozilla Firefox öffnen hilfe update, version 4 instalieren
Nero 8
NewsletterDesigner
PhotoNow
Registry CleanUP
Sceneo
Skype™ 4.1 öffnen update, version 5.x ist aktuell

Spelling Dictionaries
Ulead
Viewpoint
Yahoo! Toolbar

bereinige mit dem ccleaner.

taobonn 14.06.2011 17:38
Hallo Markus,
Ich bin von meiner Fortbildung zurück. Was muss ich noch machen, um den Rechner zu reinigen?
Grüsse

markusg 14.06.2011 17:39
schon die programme deinstaliert? noch probleme festgestellt?

taobonn 15.06.2011 10:52
Ja, alle benannten Programme wurden von mir deinstalliert.
Unter "Programme" kann ich immer noch nicht alle Programme aufrufen (Ordner leer). Im Explorer finde ich sie dann, ist aber lästig, das hin und her....

taobonn 15.06.2011 10:53
PS: Wie finde ich Deine Antworten schneller? Gestern abend habe ich abgestellt, weil ich nichts gefunden habe....

markusg 15.06.2011 11:07
du kannst im kontroll zentrum ne bemail benachichtigung einstellen.
naja das mit den programmen können wir nur so lösen das du über senden an, startmenü auswählst

taobonn 15.06.2011 12:46
mit "Senden an" kann ich nur einen Link auf dem Desktop erstellen - aber nicht ins Startmenü....

markusg 15.06.2011 12:57
hmm, wenn dich das so stört, müssn wir das system halt neu machen und dann richtig absichern. damit so was in zukunft nicht mehr passiert

taobonn 15.06.2011 13:55
Was meinst Du damit, System neu machen + absichern?
Heisst das, mein System ist jetzt nicht sicher?

markusg 15.06.2011 14:21
naja, dein system ist ja jetzt umständlich zu bedienen. das könnte man mit neu aufsetzen (heißt formatieren nach datensicherung) endern.
dann kann man, einige sicherheitsmaßnamen treffen, die eine neu infektion verhindern
dein system ist im moment noch nicht optimal geschützt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131