Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner / Virus - alles unsichtbar / System32.... (https://www.trojaner-board.de/107018-trojaner-virus-alles-unsichtbar-system32.html)

CDD 27.12.2011 21:02
Trojaner / Virus - alles unsichtbar / System32....
 
Hallo zusammen,
leider schein ich mir auch einen Trojaner / Virus eingefangen zuhaben. Ich hab mal ein bissl hier gesucht und mir ein paar Sachen schon zusammen gesucht.
Hier der Log aus Malwarebytes (alles entfernt) - OTL folgt gleich noch:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122704

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19170

27.12.2011 20:50:17
mbam-log-2011-12-27 (20-50-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 193248
Laufzeit: 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\bfprwugkavye.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\igymfmcgiwi4b3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christina\AppData\Local\Temp\jx5rrmeu1mzrmr.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\christina\AppData\Local\Temp\ptuca33_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\christina\downloads\setupcasino_a8d506.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\christina\AppData\Local\Temp\kna0.502980295355559.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

CDD 27.12.2011 21:19
so hier die Files von OTL:

OTL:
Code:
OTL logfile created on: 27.12.2011 21:09:55 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Christina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,84% Memory free
6,13 Gb Paging File | 5,82 Gb Available in Paging File | 94,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 3,17 Gb Free Space | 2,23% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 1,01 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Chrissi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.o2online.de/goto/isphome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.15 20:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.01 11:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.21 18:48:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.26 16:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Extensions
[2011.12.26 16:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.01.01 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Firefox\Profiles\bitgvtw5.default\extensions
[2010.01.01 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Firefox\Profiles\bitgvtw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.01 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chrissi\AppData\Roaming\mozilla\Firefox\Profiles\bitgvtw5.default\extensions\staged-xpis
[2011.10.01 11:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.01 11:05:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.09.17 21:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mspd] C:\Windows\System32\mspd.exe ()
O4 - HKLM..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\LaunchDM.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DSLCoMan] C:\Program Files\DSL Connection Manager\DSLCoMan.exe (AccSys GmbH)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA461604-7E20-4A02-9B2F-2543D0962C35}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{1a285ffc-56f4-11de-bfbf-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes
[2011.12.27 20:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.27 20:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.27 20:42:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.27 20:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 15:55:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.12.21 22:36:57 | 000,000,000 | -H-D | C] -- C:\HP und die Heiligtümer der Todes 1+2
[2011.12.21 22:34:11 | 000,000,000 | -H-D | C] -- C:\Der letzte Tempelritter
[2011.12.14 23:39:27 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011.12.14 23:39:27 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011.12.14 23:39:26 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011.12.14 23:39:25 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011.12.14 23:39:25 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011.12.14 23:39:25 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011.12.14 23:39:25 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011.12.14 22:54:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.12.14 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Local\Samsung
[2011.12.14 22:48:12 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.12.14 22:47:54 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.12.14 22:47:54 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2011.12.14 22:47:54 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2011.12.14 22:45:00 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Local\Downloaded Installations
[2011.12.14 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\Documents\Samsung
[2011.12.14 22:32:30 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 22:32:29 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 22:32:28 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 22:32:27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 22:32:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 22:32:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 22:32:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 22:32:12 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 22:32:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 22:32:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 22:32:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 22:32:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 22:32:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.14 22:32:08 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 22:32:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 22:32:08 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.14 22:32:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 22:32:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.14 22:32:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.14 22:32:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.14 22:32:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.14 22:32:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.14 22:32:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.14 22:32:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.14 21:22:58 | 000,217,088 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011.12.14 21:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011.12.14 21:18:50 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Samsung
[2011.12.14 21:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.12.14 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2011.12.02 19:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011.12.02 19:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010.01.13 22:04:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chrissi\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 21:06:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 20:42:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.26 16:04:13 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 16:04:12 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 16:04:12 | 000,001,940 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.26 15:51:54 | 000,000,320 | -H-- | M] () -- C:\ProgramData\~igYMfmcGIwi4b3
[2011.12.26 15:51:54 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~igYMfmcGIwi4b3r
[2011.12.26 15:33:16 | 000,000,336 | -H-- | M] () -- C:\ProgramData\igYMfmcGIwi4b3
[2011.12.26 15:03:44 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40DE1D83-A5EF-45FE-9755-2F63FE0CB9B1}.job
[2011.12.22 07:37:49 | 000,732,360 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.22 07:37:49 | 000,681,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.22 07:37:49 | 000,170,568 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.22 07:37:49 | 000,138,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.15 07:54:15 | 000,367,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.14 22:48:49 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.12.14 21:16:34 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.12.09 19:37:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.02 19:45:18 | 000,000,792 | ---- | M] () -- C:\Users\Chrissi\Desktop\DVD Shrink 3.2.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.27 20:42:19 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.26 15:33:41 | 000,000,320 | -H-- | C] () -- C:\ProgramData\~igYMfmcGIwi4b3
[2011.12.26 15:33:41 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~igYMfmcGIwi4b3r
[2011.12.26 15:33:16 | 000,000,336 | -H-- | C] () -- C:\ProgramData\igYMfmcGIwi4b3
[2011.12.14 22:48:49 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.12.14 21:22:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.14 21:22:58 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.12.14 21:16:34 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.12.02 19:45:18 | 000,000,792 | ---- | C] () -- C:\Users\Chrissi\Desktop\DVD Shrink 3.2.lnk
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.12 16:58:16 | 000,055,351 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.09.23 13:23:44 | 000,001,080 | ---- | C] () -- C:\Windows\System32\NORInfo.ini
[2010.09.23 13:23:44 | 000,000,084 | ---- | C] () -- C:\Windows\System32\USBInfo.ini
[2010.05.30 21:54:03 | 000,158,638 | ---- | C] () -- C:\Windows\hpoins15.dat
[2010.05.30 21:54:03 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2010.04.27 20:25:01 | 000,005,632 | ---- | C] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.14 20:23:20 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.13 22:04:53 | 000,087,608 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\inst.exe
[2010.01.13 22:04:53 | 000,007,887 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\pcouffin.cat
[2010.01.13 22:04:53 | 000,001,144 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\pcouffin.inf
[2010.01.01 21:46:53 | 000,000,095 | ---- | C] () -- C:\Users\Chrissi\AppData\Local\fusioncache.dat
[2009.10.09 19:54:00 | 000,389,632 | -H-- | C] () -- C:\Windows\System32\mspd.exe
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.09.25 17:10:35 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2009.09.20 17:18:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.20 17:18:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.16 17:19:55 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2009.09.16 17:02:58 | 000,069,760 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\mdbu.bin
[2009.09.15 20:32:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 20:14:55 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.06.12 18:42:24 | 000,001,940 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.12 04:08:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.12 04:05:00 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.06.12 03:28:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.12 02:58:24 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.06.12 02:58:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.06.12 02:53:10 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.12 02:51:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2009.06.12 02:51:49 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009.06.12 02:51:34 | 000,003,990 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.06.11 12:15:20 | 000,732,360 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.11 12:15:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.11 12:15:20 | 000,170,568 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.11 12:15:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.11 12:07:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.06.11 12:06:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.23 14:04:54 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.02.18 12:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 15:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.09.11 15:45:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.04.16 02:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,681,916 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,294 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.10.24 21:50:22 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft
[2011.01.12 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\ICQ
[2010.09.22 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Philips Device Manager
[2009.10.09 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\ProtectDisc
[2011.12.14 22:46:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Samsung
[2011.12.26 16:01:52 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Thunderbird
[2011.09.08 18:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Vso
[2011.12.26 16:04:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.26 15:03:44 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40DE1D83-A5EF-45FE-9755-2F63FE0CB9B1}.job
 
========== Purity Check ==========
 
 

< End of report >
[/B]
Und hier der OTL - Extras Log:
Code:
OTL Extras logfile created on: 27.12.2011 21:09:55 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Christina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,84% Memory free
6,13 Gb Paging File | 5,82 Gb Available in Paging File | 94,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 3,17 Gb Free Space | 2,23% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 1,01 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Chrissi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2BE5DDE6-3222-4B3E-A4DA-190A2B2F5F37}" = rport=137 | protocol=17 | dir=out | app=system |
"{38D7F6D3-2F0C-4506-AE75-BD6896EEC83E}" = rport=445 | protocol=6 | dir=out | app=system |
"{50204B2F-829B-4B87-85D4-F6B929E93A5A}" = rport=138 | protocol=17 | dir=out | app=system |
"{563F8A80-33DF-4780-80D3-4B3480EFC789}" = rport=139 | protocol=6 | dir=out | app=system |
"{5CE5C468-9641-44D5-804A-040A4B76BD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{626EEAB6-CD02-4048-8DD1-E6ED902B0E73}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E79A02B-EC88-417B-966D-EC0933A3CC93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81780412-7DC7-4E6A-9EE1-21BA93666696}" = lport=445 | protocol=6 | dir=in | app=system |
"{97DEF3C7-7D38-475A-8120-AD15D9090E00}" = lport=138 | protocol=17 | dir=in | app=system |
"{ACBDDD68-2BDD-4188-BADF-A346EEC7F01C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E844359D-952C-4E27-8EB3-1896CE835E37}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D4BFA5-352C-4DD6-AC1F-035A35101279}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{10CC88AB-E478-4025-A4E8-982212F18133}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{168006B7-EAB3-4E02-9244-50CC88912498}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{1F0A838E-B539-4D63-AB77-C0F01E508CDE}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2D2F5C29-9B82-4540-834C-59FD9E2CAB28}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{46CFAE52-71F8-401A-AE15-024145FD01D0}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{5DBF7A14-C9A5-4660-95AA-4BCB8105EF65}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{65BDDA06-C361-4C73-8A2C-9E3CD8F821AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7154374E-4021-40E4-BD4C-FDD63BAE8888}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{762CD30F-C142-4DDA-B1F8-DC9DE5FE6125}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{8071697D-4D42-4465-BE64-9603B011952A}" = protocol=6 | dir=in | app=c:\users\christina\appdata\local\akamai\netsession_win.exe |
"{9018F952-71B5-44FB-9380-847382A84550}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{AFA4B85E-D2D0-4BF9-931B-5471B3549824}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B87A60B6-B488-4C69-A543-6D46219C35D9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B8C49885-5C0C-4AE6-9F5B-FB88078BEA24}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BFFCD393-DAF0-4589-90D8-E1AD3A39D51B}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{C27C0178-6FDA-4981-88D4-1DAA3DA406BD}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{C8F6B0F7-0066-4515-9778-29563F34290F}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{CA96D21F-7E1B-4A8A-9EEB-C5D8D71DE6E1}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{DEE3AD84-FB4D-4F70-AF1C-736535ED42CE}" = protocol=17 | dir=in | app=c:\users\christina\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C1718CF1-BB8A-45BD-AAE1-703518AF305D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DEE8139B-1D5B-4B9C-99F7-3E14BFF85119}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.5200
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13D4E8DC-133D-01D1-5B39-1CA0A04A1BAC}" = CCC Help Swedish
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1B74B7FE-F48C-C53A-3DF0-DD645D7C7A98}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B746817-AE32-1B48-FEBF-8C58EA7CC90D}" = Catalyst Control Center Graphics Light
"{2EABCBCF-BA96-B14E-E599-E5C3B09F199C}" = CCC Help Chinese Standard
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{39C8DC90-E6D7-102D-45CC-168375A1E1B4}" = Skins
"{3AB5DD1D-CCE2-B414-DF30-EA8B06765DDA}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{47788A72-C22E-93C9-C39F-CD4611F6908B}" = CCC Help Portuguese
"{478AC85C-4005-A432-B226-A5F162CC44CA}" = CCC Help Dutch
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52F791A0-65BC-F6FE-51F4-F4D842046470}" = CCC Help Polish
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5B869C20-69B9-23A1-E26D-F7FE65DC8A5F}" = CCC Help Norwegian
"{5DB307AA-342B-6559-0ABC-66CFF8A0718D}" = ATI Catalyst Install Manager
"{5F6CFC97-FDC7-7508-3F69-9D0A124F90F9}" = CCC Help Korean
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65f8d71c-5a33-42fd-b68e-592166f64a33}" = Nero 9 Trial
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6909B21A-53E1-8E2C-48A5-EF51150511A2}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F72DD-2465-43A2-A137-8A849399B7A8}" = REALTEK Wireless LAN Software
"{6BD427C0-7280-5FEA-DC20-49A1F6B79E99}" = CCC Help Hungarian
"{6BD56B1C-71E3-411E-8B45-8A73EE81C42F}" = DSL Connection Manager
"{6ED6001C-E210-F43C-6B3D-4868D9623958}" = CCC Help Russian
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE01AB5-FA68-A244-5C21-FD7E6108A3E9}" = Catalyst Control Center Core Implementation
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D7CF9C-D5ED-94BE-A8DF-2F1B137E76F6}" = CCC Help Spanish
"{9582ED80-CB4D-4350-BBB9-34CDBA20EED0}" = Steuer-Taxi 2010
"{95906FF5-1334-EE12-3A20-1436232CDBD8}" = Catalyst Control Center Graphics Previews Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9EBAA305-5440-458D-CC44-5C1F63BAD0D3}" = CCC Help Italian
"{9FD62A56-525D-AF10-E1A6-DED280796F87}" = Catalyst Control Center InstallProxy
"{A12D7348-8355-897B-27D2-5E7B77E2159F}" = CCC Help Thai
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AB1E3BDA-49AF-8BA1-5B07-F62DE4406186}" = Catalyst Control Center Graphics Full Existing
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B35E35FE-6765-E26C-CE2D-051980D7884F}" = CCC Help Japanese
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD66A5BE-2005-C284-27CB-5E14E55CE33D}" = CCC Help Czech
"{BDC9AC5A-7AD9-44E3-9B7D-2B14B1E5C418}" = StarMoney 8.0
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C1180B72-5B5A-0369-9818-7DAE5B66F569}" = CCC Help Danish
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C9563A70-8FB7-56D2-7EF2-FE118FB0498D}" = CCC Help Finnish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAAF141-289E-4E28-85CF-4C07C9FAA3D8}" = SteuerSoftware2009
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi-Software
"{D5678F71-569F-CC39-4021-C7BA85FDBB59}" = Catalyst Control Center Graphics Full New
"{d5d239df-520d-4aa6-8faf-2ccb8edb0087}" = Nero 9
"{D7F4DAAB-601C-3666-F6EC-146286677E51}" = CCC Help English
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EDABA012-4D89-1F0B-D1AF-64AEBAE7E555}" = ccc-utility
"{EEC5221E-3227-50CF-9F68-20099F922232}" = CCC Help Chinese Traditional
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F12E1200-A966-531D-1728-89B01265455F}" = CCC Help Greek
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7A5C2BD-DCBC-E537-24A3-FC3175278AE4}" = Catalyst Control Center Localization All
"{FA91548A-169B-2589-951F-E6BCEEC01B50}" = ccc-core-static
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEC19789-7756-17C3-765B-C532E09322D7}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"dm Digi Foto" = dm Digi Foto
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVD Shrink_is1" = DVD Shrink 3.2
"EF Englishtown Advanced Speech Recognition_is1" = EF Englishtown Advanced Speech Recognition Version 4.3.0.0
"FKC22153088_is1" = fotokasten comfort
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hospital" = Theme Hospital
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Jumpin’ Jack" = Jumpin’ Jack
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MPEG2 Video Encoder_is1" = DATA BECKER MPEG2 Video Encoder
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Video-Stream-Recorder_is1" = DATA BECKER Video-Stream-Recorder
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2011 13:13:54 | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =
 
Error - 15.06.2011 01:08:14 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 15.06.2011 01:08:14 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 15.06.2011 01:09:26 | Computer Name = Home | Source = WinMgmt | ID = 10
Description =
 
Error - 15.06.2011 13:19:46 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 15.06.2011 13:19:46 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 15.06.2011 13:21:04 | Computer Name = Home | Source = WinMgmt | ID = 10
Description =
 
Error - 16.06.2011 02:20:56 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2011 02:20:56 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2011 02:22:10 | Computer Name = Home | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 20.12.2010 10:36:31 | Computer Name = Home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 522 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.12.2011 15:30:56 | Computer Name = Home | Source = DCOM | ID = 10005
Description =
 
Error - 27.12.2011 15:31:03 | Computer Name = Home | Source = DCOM | ID = 10005
Description =
 
Error - 27.12.2011 15:31:43 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.12.2011 15:31:43 | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.12.2011 15:50:29 | Computer Name = Home | Source = DCOM | ID = 10005
Description =
 
Error - 27.12.2011 16:06:55 | Computer Name = Home | Source = DCOM | ID = 10005
Description =
 
Error - 27.12.2011 16:07:02 | Computer Name = Home | Source = DCOM | ID = 10005
Description =
 
Error - 27.12.2011 16:07:10 | Computer Name = Home | Source = DCOM | ID = 10005
Description =
 
Error - 27.12.2011 16:07:42 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.12.2011 16:07:42 | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

Wäre über Hilfe sehr dankbar.... DANKE!

cosinus 10.01.2012 10:39
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Bitte Malwarebytes auf Version 1.6.x hochziehen. Anschließend die Datenbank aktualisieren.
Wiederhole dann den Vollscan.

CDD 10.01.2012 20:41
Hier nochmal mit der neuen Version die Logdatei. Nun auch nochmal OTL durchführen?

Zitat:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Christina :: HOME [limited]

Protection: Disabled

10.01.2012 20:33:23
mbam-log-2012-01-10 (20-33-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 160384
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 10.01.2012 21:32
Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

Zitat:
Christina :: HOME [limited]
Und Malwarebytes ohne Adminrechte ist ziemlich sinnfrei! Wie brauchen für jedes Tool Adminrechte!

CDD 11.01.2012 22:26
So ich hoffe jetzt passt alles.... Seltsamerweise findet Malwarebytes keine infizierten Dateien, Aviara zeigt mir aber immer Malware an während Malwarebtes läuft, aber bei jedem Lauf andere....

Zitat:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Chrissi :: HOME [Administrator]

Schutz: Aktiviert

11.01.2012 19:07:10
mbam-log-2012-01-11 (19-07-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373844
Laufzeit: 2 Stunde(n), 20 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 12.01.2012 16:53
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 01:35 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129