Trojaner-Board


scheider 12.04.2010 10:50

Removing Your Protection isn't quite working!
 
Hello,

I'm new here and have read through how I can remove Your Protection again.
I did everything according to the instructions, but during the full scan of the PC the scanner always hangs, and I can also tell that Your Protection is still on it, because the PC shows that the Security Center is off, but I can't turn it on.
What else can I do?

Thanks in advance.

Regards,
Scheider

cosinus 12.04.2010 10:51

Hello and :hallo:

Then please post the OTL log files:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

scheider 12.04.2010 11:09

OTL logfile created on: 12.04.2010 11:53:34 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Scheid\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 126,17 Gb Free Space | 64,60% Space Free | Partition Type: NTFS
Drive D: | 93,78 Gb Total Space | 93,67 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVAT
Current User Name: Scheid
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\franz.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
PRC - C:\Programme\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\nuaa.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\npcsvc32.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Programme\Norman\ngs\bin\nprosec.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Programme\Norman\nvc\bin\Nvcoas.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NVCScheduler) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (nsesvc) -- C:\Program Files\Norman\Nse\bin\NSESVC.EXE (Norman ASA)
SRV - (Scheduler) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (NUAA) -- C:\Program Files\Norman\npc\bin\nuaa.exe (Norman ASA)
SRV - (NPC) -- C:\Program Files\Norman\npc\bin\npcsvc32.exe (Norman ASA)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (nvcoas) -- C:\Program Files\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (Norman ASA)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (cpuz132) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\Windows\System32\drivers\nvcv32mf.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Programme\Norman\ngs\bin\nprosec.sys (Norman ASA)
DRV - (NGS) -- c:\Programme\Norman\ngs\bin\ngs.sys (Norman ASA)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (DiskSec) -- C:\Windows\System32\drivers\disksec.sys (MAGIX)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Corporation)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SCR3xx USB Smart Card Reader) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (STC2DFU) -- C:\Windows\System32\drivers\Stc2Dfu.sys (SCM Microsystems Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.gmx.net/homehxxp://www.gmx.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.gmx.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 92 4B A1 4B 7B CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.net"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/suchbox/gmxsuche?su="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 14:42:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.09 16:06:59 | 000,000,000 | ---D | M]

[2010.01.20 15:26:47 | 000,000,000 | ---D | M] -- C:\Users\Scheid\AppData\Roaming\mozilla\Extensions
[2010.04.12 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions
[2010.01.20 15:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.09 10:13:43 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.09 11:45:21 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2010.02.12 13:09:13 | 000,005,591 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\1und1-suche.xml
[2010.02.12 13:09:13 | 000,001,371 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\amazonde.xml
[2010.02.12 13:09:13 | 000,010,605 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\gmx-suche.xml
[2010.02.12 13:09:13 | 000,005,588 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\webde-suche.xml
[2010.02.16 17:05:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.02.09 10:13:23 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.09 10:13:23 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70dcab92-ebe7-11de-991d-00030d987e70}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.12 11:52:20 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Scheid\Desktop\OTL.exe
[2010.04.12 11:40:26 | 121,175,904 | ---- | C] (AVG Technologies) -- C:\Users\Scheid\Desktop\avg_ipw_stf_all_90_800a2779.exe
[2010.04.12 09:48:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.12 09:48:07 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.12 09:46:25 | 000,217,032 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.04.12 09:46:25 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.04.12 09:46:20 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PC Tools
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.04.12 09:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.12 09:27:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.12 09:26:57 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.12 09:26:57 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.12 09:26:57 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.12 09:26:57 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.12 09:26:53 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.12 09:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.12 09:24:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.09 16:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.04.09 09:07:17 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.09 09:07:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.08 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.04.08 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.08 15:45:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.08 15:44:36 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.04.08 15:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.04.08 14:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.04.08 14:52:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.04.08 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Your Protection
[2010.04.08 09:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010.04.08 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\docXConverter logs
[2010.04.06 10:58:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\KK Verträge
[2010.04.06 09:11:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.01 08:59:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.04.01 08:59:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.01 08:59:54 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.01 08:59:54 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.01 08:59:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.01 08:59:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.01 08:59:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.04.01 08:59:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.01 08:59:53 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.01 08:59:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.04.01 08:59:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.04.01 08:59:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.04.01 08:59:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.01 08:59:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.01 08:59:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.30 09:36:47 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Meisterbafög
[2010.03.29 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Sanikonzept
[2010.03.26 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\DVDVideoSoft
[2010.03.26 18:56:06 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.03.26 18:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.03.26 13:09:00 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Wochenspiegel
[2010.03.23 11:05:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Nero
[2010.03.17 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\S2
[2010.03.17 15:29:45 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\S2
[2010.03.17 15:25:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.03.17 15:25:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.03.17 15:25:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.03.17 15:25:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.03.17 15:25:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.03.17 15:25:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.03.17 15:25:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.03.17 15:25:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.03.17 15:25:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.03.17 15:25:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.03.17 15:23:48 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.03.15 09:59:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.02.12 15:17:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe13BE.dll
[2010.02.01 11:20:06 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\IMPLODE.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.12 11:53:00 | 001,572,864 | ---- | M] () -- C:\Users\****\NTUSER.DAT
[2010.04.12 11:52:24 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\****Desktop\OTL.exe
[2010.04.12 11:43:24 | 121,175,904 | ---- | M] (AVG Technologies) -- C:\Users\****\Desktop\avg_ipw_stf_all_90_800a2779.exe
[2010.04.12 10:15:58 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2010.04.12 10:10:02 | 001,478,112 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.12 10:10:02 | 000,644,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.12 10:10:02 | 000,600,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.12 10:10:02 | 000,132,540 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.12 10:10:02 | 000,109,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.12 10:09:23 | 058,823,525 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.12 10:05:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.12 10:05:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.12 10:05:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.12 10:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.12 10:05:33 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 10:04:34 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TMContainer00000000000000000001.regtrans-ms
[2010.04.12 10:04:34 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TM.blf
[2010.04.12 10:04:33 | 003,663,774 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.04.12 09:48:12 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Franz.lnk
[2010.04.12 09:32:42 | 276,200,447 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.12 08:54:17 | 000,001,887 | ---- | M] () -- C:\Users\****\Adobe Reader 9.lnk
[2010.04.09 16:25:09 | 000,538,624 | ---- | M] () -- C:\Users\****\Desktop\********.XLS
[2010.04.08 10:02:17 | 000,010,584 | ---- | M] () -- C:\Users\****\AppData\Roaming\docXConverter (3).ini
[2010.04.08 09:59:01 | 000,000,134 | -H-- | M] () -- C:\Users\****\AppData\Roaming\lakerda1967.sys
[2010.04.07 09:31:17 | 000,010,560 | ---- | M] () -- C:\Users\****\Documents\Barmer GEK wg ********.docx
[2010.03.31 11:02:16 | 000,010,340 | ---- | M] () -- C:\Users\****\Documents\Reps Schuhaus German.xlsx
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 18:20:18 | 000,010,882 | ---- | M] () -- C:\Users\****\Documents\***********.docx
[2010.03.18 15:06:41 | 000,021,956 | ---- | M] () -- C:\Users\****\****.jpg
[2010.03.15 09:59:30 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.03.15 09:59:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.03.15 09:59:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.03.15 09:59:11 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.12 09:48:12 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Franz.lnk
[2010.04.12 09:46:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.04.12 09:46:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.04.12 09:46:20 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.04.12 09:28:48 | 276,200,447 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.12 08:54:17 | 000,001,887 | ---- | C] () -- C:\Users\*****\Adobe Reader 9.lnk
[2010.04.08 09:58:16 | 000,000,134 | -H-- | C] () -- C:\Users\****\AppData\Roaming\lakerda1967.sys
[2010.04.08 09:58:00 | 000,010,584 | ---- | C] () -- C:\Users\****\AppData\Roaming\docXConverter (3).ini
[2010.04.07 09:29:38 | 000,010,560 | ---- | C] () -- C:\Users\****\Documents\Barmer GEK wg Friedrich.docx
[2010.03.31 10:59:24 | 000,010,340 | ---- | C] () -- C:\Users\****\Documents\Reps Schuhaus German.xlsx
[2010.03.26 18:20:18 | 000,010,882 | ---- | C] () -- C:\Users\*****\Documents\Schreiben Dr. Steinke.docx
[2010.03.18 15:06:09 | 000,021,956 | ---- | C] () -- C:\Users\****\Firma.jpg
[2010.02.12 15:17:01 | 000,001,993 | ---- | C] () -- C:\Users\****\Sony Ericsson PC Suite 6.0.lnk
[2010.02.08 18:21:15 | 000,017,089 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2010.02.01 11:20:17 | 000,245,830 | ---- | C] () -- C:\Windows\System32\PAEDUS.DLL
[2010.02.01 11:20:08 | 000,122,880 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010.02.01 11:20:07 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010.02.01 11:20:05 | 000,079,360 | ---- | C] () -- C:\Windows\System32\Sockdlls.dll
[2010.02.01 11:20:05 | 000,063,488 | ---- | C] () -- C:\Windows\System32\EZTW32.DLL
[2010.02.01 11:20:02 | 000,303,616 | ---- | C] () -- C:\Windows\System32\TX32.DLL
[2010.02.01 11:20:02 | 000,000,150 | ---- | C] () -- C:\Windows\System32\IC32.INI
[2010.01.25 17:23:45 | 000,003,584 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.20 15:41:12 | 000,000,455 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.01.20 15:33:19 | 000,000,104 | ---- | C] () -- C:\Users\*****\Systemsteuerung - Verknüpfung.lnk
[2010.01.15 11:46:13 | 000,010,763 | ---- | C] () -- C:\Users\*****\AppData\Roaming\SmarThruOptions.xml
[2010.01.15 11:45:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010.01.15 11:45:47 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2010.01.15 11:45:36 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.01.15 11:45:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010.01.06 12:38:19 | 000,000,094 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2009.12.12 20:55:57 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2009.12.12 20:48:30 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TMContainer00000000000000000002.regtrans-ms
[2009.12.12 20:48:30 | 000,524,288 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TMContainer00000000000000000001.regtrans-ms
[2009.12.12 20:48:30 | 000,065,536 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TM.blf
[2009.12.12 20:47:05 | 000,262,144 | -H-- | C] () -- C:\Users\****\NTUSER.DAT.efr.LOG1
[2009.12.12 20:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\*****\NTUSER.DAT.efr.LOG2
[2009.12.12 20:18:50 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2009.12.12 20:16:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.12.12 19:23:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.12 18:15:20 | 000,027,430 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.001
[2009.12.12 16:28:01 | 000,027,430 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.dat
[2009.12.12 15:35:29 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2009.12.12 15:35:28 | 001,572,864 | ---- | C] () -- C:\Users\*****\NTUSER.DAT
[2009.12.12 15:35:28 | 000,786,432 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT.bak
[2009.12.12 15:35:28 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.12.12 15:35:28 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.12.12 15:35:28 | 000,262,144 | -H-- | C] () -- C:\Users\*****\ntuser.dat.LOG1
[2009.12.12 15:35:28 | 000,065,536 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.12.12 15:35:28 | 000,000,020 | -HS- | C] () -- C:\Users\*****\ntuser.ini
[2009.12.12 15:35:28 | 000,000,000 | -H-- | C] () -- C:\Users\*****\ntuser.dat.LOG2
[2009.05.11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.05.11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.05.11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.05.11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.01.15 04:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007.06.21 11:49:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.03.20 15:08:54 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.07.25 14:32:18 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2002.03.13 17:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[1998.05.04 12:02:44 | 000,028,160 | ---- | C] () -- C:\Windows\System32\PEADUTIL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

scheider 12.04.2010 11:12

OTL Extras logfile created on: 12.04.2010 11:53:34 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 126,17 Gb Free Space | 64,60% Space Free | Partition Type: NTFS
Drive D: | 93,78 Gb Total Space | 93,67 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVAT
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3DAA32-1EB4-4319-A5F3-96479AA9ED03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{21AFBACC-9340-4171-B8BD-E07E6891A569}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2B3AAF7E-A272-4AF8-B2ED-2EAA6005EFCB}" = lport=139 | protocol=6 | dir=in | app=system |
"{3468DF5C-552B-4ACD-A7C1-47711A22F0B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{67D8C11B-EA4E-45AE-B1F3-37CA810FB5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{6CC60400-826A-4E9F-8C96-0E099C84DAE7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D18B5CD-23BA-428F-B7C7-64FB5DFE5CDD}" = rport=137 | protocol=17 | dir=out | app=system |
"{99666E66-595C-41F0-A143-6DAD1855D07D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A64A6D79-092D-4774-9318-14191850DA96}" = rport=445 | protocol=6 | dir=out | app=system |
"{D79C5782-EEF8-43F5-B88A-BABAEC6B3C75}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEDD0447-78E5-4424-A4B0-D2E2CA62FDF4}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090743C5-5F0C-4D03-85D9-9A55E3425034}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{09374934-88A7-4263-9C15-D5187856827F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{145C938C-8AAF-456F-A030-03EC87412BC4}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{2F04C8E7-6280-4EEE-AF4D-59A8726E1AAA}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{3895FDFA-DAE7-466A-9AE6-46BB314566C1}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{4B14727E-510E-4C50-A509-A81620A7E532}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60FDF2C5-71DA-425B-821C-1295C664C0E5}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{6B091F0F-DC05-4189-A82A-9544AAD21371}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6C8DB00C-204C-43AF-9C0D-4B67FBC83DF1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74AA2C84-1AEA-41DD-8407-FA502486E38E}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{7DA96566-E645-4D56-880A-EED9A9A0F89C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{A9B87B1D-6D4A-443E-8DBA-6D7F2FE7CFA8}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BFFFBE37-FEA4-43DF-B684-AC88A5C59B48}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{D077C360-F956-47AD-82D0-93043FB5E32D}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{D6F26E8F-0829-44FD-B567-874927F1F885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E607366D-574B-41F0-8005-8C47273A7377}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{E70CB343-5743-4417-B0C6-9C50D2B4D5A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F4417A7D-EC1A-4CC6-9EBC-5EA8A75D4FA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{73B582BA-0716-4B06-AE4D-E1CAB96086A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{7866ABB5-D25E-4031-B43B-262FAD9AB622}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{25614CFD-4E49-4EFF-B44E-3C6D3D9DFC5F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{F44CD691-7349-4DA5-8BBF-D7E1B50D0AFD}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0DE6C47F-57C9-43FB-930B-2094428BEBB3}_is1" = TTDPatch 2.5 beta 9
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{36C89170-50E2-4F76-B4EA-F4450D85781F}" = PAEDUS 10.0
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}" = SCR3xx USB Smart Card Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF748561-FFFE-11D3-A06B-00E02939A7B3}" = dakota.le
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GMX Update" = GMX Update
"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.22.687 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenTTD" = OpenTTD 0.6.1
"S2TNG" = Die Siedler II - Die nächste Generation
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = T&T medilogic 4.6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2010 05:45:19 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:45:19] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:46:17 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:46:17] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:47:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:47:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:49:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:49:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:50:19 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:50:19] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:51:17 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:51:17] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:52:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:52:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:54:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:54:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:55:19 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:55:19] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:56:17 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:56:17] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

[ System Events ]
Error - 08.03.2010 02:41:35 | Computer Name = privat | Source = Service Control Manager | ID = 7034
Description =

Error - 08.03.2010 02:41:42 | Computer Name = privat | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 08.03.2010 09:16:16 | Computer Name = privat | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 08.03.2010 09:16:29 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 08.03.2010 09:16:29 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 08.03.2010 09:16:29 | Computer Name = privat | Source = Service Control Manager | ID = 7034
Description =

Error - 09.03.2010 04:02:58 | Computer Name = privat | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 09.03.2010 04:04:12 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 09.03.2010 04:04:12 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 09.03.2010 04:04:12 | Computer Name = privat | Source = Service Control Manager | ID = 7034
Description =


< End of report >

cosinus 12.04.2010 11:30

Quote:

C:\Users\****\AppData\Roaming\lakerda1967.sys
Please have this file analysed at Virustotal and post the link to the result. If you can't see the file, you may have to make it visible first.
If the file has already been analysed, please start another analysis.

scheider 12.04.2010 13:11

Here is the result from Virustotal

scheider 12.04.2010 13:43

a-squared 4.5.0.50 2010.04.12 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.62 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.12 -
BitDefender 7.2 2010.04.12 -
CAT-QuickHeal 10.00 2010.04.12 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4575 2010.04.12 -
DrWeb 5.0.2.03300 2010.04.12 -
eSafe 7.0.17.0 2010.04.11 -
eTrust-Vet 35.2.7420 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.12 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.12 -
Ikarus T3.1.1.80.0 2010.04.12 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 -
Microsoft 1.5605 2010.04.12 -
NOD32 5020 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.43.00.04 2010.04.12 -
Sophos 4.52.0 2010.04.12 -
Sunbelt 6166 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.12 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -
weitere Informationen
File size: 134 bytes
MD5...: 981e00043c35548945a20bd4bf07e39f
SHA1..: e53f65b3812e9f8ba2bf276d8f6c6978a5556826
SHA256: 21aca2eef6234a7a579f2153b47308606123580b818cb148fadf2ca94ee1039e
ssdeep: 3:cl2UoSUC7qA2akQ5OlPIqGqw7rYlyIWc6igpCusJ7BdhBn:eoQT5OwTrHIWc6FCus1rhBn
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!

cosinus 12.04.2010 14:03

I wanted the link. Please upload the file to us => http://www.trojaner-board.de/54791-a...ner-board.html

scheider 12.04.2010 14:04

I tried to install AntiVir 10, but it crashes every time (blue screen).
What else should I do?

scheider 12.04.2010 14:35

I've sent the link.

cosinus 12.04.2010 15:06

Do a run with CF, that saves us some work:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

scheider 12.04.2010 15:42

ComboFix 10-04-11.06 - Scheid 12.04.2010 16:20:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1783 [GMT 2:00]
ausgeführt von:: C:\Users\Scheid\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\hpe13BE.dll
C:\Users\Scheid\FAVORI~1\_favdata.dat
C:\Users\Scheid\Favorites\_favdata.dat
C:\Windows\_VOIDcdsmyprbqw
C:\Windows\system32\_VOIDbloxiigpuh.dll
C:\Windows\system32\_VOIDbpwfvinixo.dll
C:\Windows\system32\_VOIDhwqmnmpdep.dat
C:\Windows\system32\_VOIDiwtutmsxir.dll
C:\Windows\system32\_VOIDnjbjuijtqx.dat
C:\Windows\system32\_VOIDnosnqbvqrf.dat
C:\Windows\system32\_VOIDqciecxyaqp.dat
C:\Windows\system32\_VOIDrckcnvpnop.dat
C:\Windows\system32\_VOIDtjpwgqfdkj.dll
C:\Windows\system32\_VOIDtlmwprnbdk.dll
C:\Windows\system32\_VOIDxdahsddqbu.dll
C:\Windows\system32\SHELLLNK.TLB

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy__VOIDCDSMYPRBQW
-------\Legacy__VOIDd.sys
-------\Service__VOIDcdsmyprbqw
-------\Service__VOIDd.sys


((((((((((((((((((((((( Dateien erstellt von 2010-03-12 bis 2010-04-12 ))))))))))))))))))))))))))))))
.

2010-04-12 14:26:48 . 2010-04-12 14:26:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-04-12 14:26:47 . 2010-04-12 14:29:50 -------- d-----w- C:\Users\Scheid\AppData\Local\temp
2010-04-12 13:41:50 . 2010-04-12 13:41:53 -------- d-----w- C:\sh4ldr
2010-04-12 13:41:50 . 2010-04-12 13:41:50 -------- d-----w- C:\Program Files\Enigma Software Group
2010-04-12 13:40:21 . 2010-04-12 13:41:56 -------- d-----w- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-12 07:48:09 . 2010-03-29 13:24:58 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-04-12 07:48:07 . 2010-03-29 13:24:46 20824 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-04-12 07:46:25 . 2010-03-10 09:36:36 217032 ----a-w- C:\Windows\system32\drivers\PCTCore.sys
2010-04-12 07:46:25 . 2009-11-23 11:54:20 88040 ----a-w- C:\Windows\system32\drivers\PCTAppEvent.sys
2010-04-12 07:46:20 . 2010-02-05 07:25:38 70408 ----a-w- C:\Windows\system32\drivers\pctplsg.sys
2010-04-12 07:46:15 . 2010-04-12 07:46:24 -------- d-----w- C:\Program Files\Spyware Doctor
2010-04-12 07:46:15 . 2010-04-12 07:46:21 -------- d-----w- C:\Program Files\Common Files\PC Tools
2010-04-12 07:46:15 . 2010-04-12 07:46:15 -------- d-----w- C:\Users\Scheid\AppData\Roaming\PC Tools
2010-04-12 07:46:15 . 2010-04-12 07:46:15 -------- d-----w- C:\ProgramData\PC Tools
2010-04-12 07:26:57 . 2010-03-01 07:05:19 124784 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-04-12 07:26:57 . 2010-02-16 11:24:01 60936 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-04-12 07:26:57 . 2009-05-11 09:49:28 51992 ----a-w- C:\Windows\system32\drivers\avgntdd.sys
2010-04-12 07:26:57 . 2009-05-11 09:49:28 17016 ----a-w- C:\Windows\system32\drivers\avgntmgr.sys
2010-04-12 07:26:53 . 2010-04-12 07:26:53 -------- d-----w- C:\ProgramData\Avira
2010-04-12 07:26:53 . 2010-04-12 07:26:53 -------- d-----w- C:\Program Files\Avira
2010-04-12 07:24:43 . 2010-04-12 07:24:45 -------- d-----w- C:\Program Files\CCleaner
2010-04-09 07:07:17 . 2010-04-09 07:08:14 -------- d-----w- C:\Program Files\trend micro
2010-04-09 07:07:15 . 2010-04-09 07:08:16 -------- d-----w- C:\rsit
2010-04-08 14:03:44 . 2010-04-08 14:03:44 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Malwarebytes
2010-04-08 14:01:35 . 2010-04-08 14:01:35 -------- d-----w- C:\ProgramData\Malwarebytes
2010-04-08 13:57:27 . 2010-04-12 07:54:36 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-08 13:45:27 . 2010-04-08 13:45:27 -------- dc-h--w- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-08 13:44:36 . 2010-04-08 13:45:32 -------- d-----w- C:\Program Files\Lavasoft
2010-04-08 13:44:36 . 2010-04-08 13:44:36 -------- d-----w- C:\ProgramData\Lavasoft
2010-04-08 12:58:00 . 2010-04-08 12:58:00 -------- d-----w- C:\Program Files\Common Files\Windows Live
2010-04-08 12:49:55 . 2010-04-09 08:20:13 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Your Protection
2010-04-08 07:58:16 . 2010-04-08 07:58:16 -------- d-----w- C:\ProgramData\eSellerate
2010-04-06 07:11:14 . 2010-02-12 10:32:56 293376 ----a-w- C:\Windows\system32\browserchoice.exe
2010-03-26 16:56:06 . 2010-03-26 16:56:18 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft
2010-03-26 16:56:06 . 2010-03-26 16:56:13 -------- d-----w- C:\Program Files\DVDVideoSoft
2010-03-23 09:05:27 . 2010-03-23 09:05:27 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Nero
2010-03-17 13:29:50 . 2010-03-17 16:50:35 -------- d-----w- C:\Users\Scheid\AppData\Local\S2
2010-03-17 13:25:43 . 2005-05-26 14:34:52 2297552 ----a-w- C:\Windows\system32\d3dx9_26.dll
2010-03-17 13:23:48 . 2010-03-17 13:23:48 -------- d-----w- C:\Program Files\Ubisoft
2010-03-15 07:59:28 . 2010-03-15 07:59:28 12464 ----a-w- C:\Windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 14:28:31 . 2009-12-18 10:42:17 -------- d-----w- C:\Program Files\Norman
2010-04-12 13:55:21 . 2009-12-12 22:22:58 644304 ----a-w- C:\Windows\system32\perfh007.dat
2010-04-12 13:55:21 . 2009-12-12 22:22:58 132540 ----a-w- C:\Windows\system32\perfc007.dat
2010-04-12 13:48:41 . 2009-12-12 14:43:11 -------- d-----w- C:\ProgramData\avg9
2010-04-12 13:41:54 . 2010-04-12 13:41:54 110080 ----a-r- C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-04-12 13:41:54 . 2010-04-12 13:41:54 110080 ----a-r- C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-04-12 13:40:13 . 2009-12-12 17:25:38 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-09 14:06:55 . 2009-12-12 19:39:41 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-04-08 13:07:30 . 2009-12-12 14:43:17 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2010-04-08 12:59:20 . 2010-04-08 12:59:20 53248 ----a-w- C:\Users\Scheid\AppData\Roaming\Your Protection\Uninstall.exe
2010-04-08 12:59:20 . 2010-04-08 12:59:20 40960 ----a-w- C:\Users\Scheid\AppData\Roaming\Your Protection\urpext.dll
2010-04-08 12:59:20 . 2010-04-08 12:59:20 21504 ----a-w- C:\Users\Scheid\AppData\Roaming\Your Protection\urphook.dll
2010-04-08 07:59:01 . 2010-04-08 07:58:16 134 ---ha-w- C:\Users\Scheid\AppData\Roaming\lakerda1967.sys
2010-04-08 07:59:01 . 2010-04-08 07:58:16 134 ---ha-w- C:\Users\Scheid\AppData\Roaming\lakerda1967.sys
2010-04-08 07:58:16 . 2010-04-08 07:58:16 360580 ----a-w- C:\ProgramData\eSellerate\eSellerateEngine.dll
2010-04-08 07:58:16 . 2010-04-08 07:58:16 279172 ----a-w- C:\ProgramData\eSellerate\eWebClient.dll
2010-04-07 09:47:43 . 2010-01-19 15:27:17 -------- d-----w- C:\Program Files\medilogic
2010-03-15 07:59:30 . 2009-12-12 14:43:24 242696 ----a-w- C:\Windows\system32\drivers\avgtdix.sys
2010-03-15 07:59:28 . 2009-12-12 14:43:20 29512 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2010-03-15 07:59:11 . 2009-12-12 14:43:21 216200 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2010-03-11 08:19:09 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-03-11 08:03:59 . 2010-02-05 16:14:39 -------- d-----w- C:\ProgramData\Microsoft Help
2010-03-01 12:58:32 . 2009-12-12 13:36:17 105824 ----a-w- C:\Users\Scheid\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 11:23:28 . 2010-02-26 15:29:10 -------- d-----w- C:\Program Files\Microsoft Works
2010-03-01 11:03:17 . 2010-03-01 11:03:17 -------- d-----w- C:\Users\Scheid\AppData\Roaming\SunODFPluginforMicrosoftOffice
2010-03-01 10:51:55 . 2010-03-01 10:51:55 -------- d-----w- C:\Program Files\Sun
2010-03-01 10:45:20 . 2010-03-01 10:45:20 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Softplicity
2010-03-01 09:53:45 . 2010-02-16 15:05:43 -------- d-----w- C:\Program Files\OpenOffice.org 3
2010-02-26 16:14:56 . 2010-02-16 15:15:46 1 ----a-w- C:\Users\Scheid\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-26 15:28:39 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\MSBuild
2010-02-26 15:27:19 . 2010-02-26 15:27:19 -------- d-----w- C:\Program Files\Microsoft.NET
2010-02-26 15:23:22 . 2010-02-26 15:23:21 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2010-02-25 16:14:21 . 2010-02-25 16:14:21 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-23 06:39:13 . 2010-04-01 06:59:54 916480 ----a-w- C:\Windows\system32\wininet.dll
2010-02-23 06:33:45 . 2010-04-01 06:59:53 71680 ----a-w- C:\Windows\system32\iesetup.dll
2010-02-23 06:33:45 . 2010-04-01 06:59:53 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2010-02-23 04:55:36 . 2010-04-01 06:59:53 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2010-02-22 15:56:58 . 2010-02-22 15:56:58 -------- d-----w- C:\ProgramData\WindowsSearch
2010-02-22 09:39:37 . 2010-02-22 09:39:34 -------- d-----w- C:\Program Files\OpenTTD
2010-02-22 09:37:24 . 2010-02-22 09:37:05 -------- d-----w- C:\ProgramData\WinZip
2010-02-20 23:06:41 . 2010-03-11 08:00:15 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2010-02-20 23:05:14 . 2010-03-11 08:00:14 30720 ----a-w- C:\Windows\system32\httpapi.dll
2010-02-20 20:53:34 . 2010-03-11 08:00:14 411648 ----a-w- C:\Windows\system32\drivers\http.sys
2010-02-16 15:24:12 . 2010-01-15 14:59:32 -------- d-----w- C:\Users\Scheid\AppData\Roaming\SoftGrid Client
2010-02-16 15:15:42 . 2010-02-16 15:15:42 -------- d-----w- C:\Users\Scheid\AppData\Roaming\OpenOffice.org
2010-02-16 15:05:26 . 2010-02-16 15:05:26 -------- d-----w- C:\Program Files\Common Files\Java
2010-02-16 15:04:48 . 2010-02-16 15:05:09 411368 ----a-w- C:\Windows\system32\deploytk.dll
2010-02-16 15:04:45 . 2010-02-16 15:04:45 -------- d-----w- C:\Program Files\Java
2010-02-12 13:21:34 . 2010-02-12 13:21:34 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-12 13:20:26 . 2010-02-12 13:20:26 -------- d-----w- C:\ProgramData\Avanquest Bluetooth SDK
2010-02-12 13:20:10 . 2010-02-12 13:20:10 -------- d-----w- C:\ProgramData\BVRP Software
2010-02-12 13:16:39 . 2010-02-12 13:16:39 -------- d-----w- C:\ProgramData\Sony Ericsson
2010-02-12 13:16:39 . 2010-02-12 13:16:39 -------- d-----w- C:\Program Files\Sony Ericsson
2010-02-12 13:16:39 . 2009-12-12 14:06:54 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-04 15:53:47 . 2010-04-08 13:45:27 2954656 -c--a-w- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-01-26 10:32:53 . 2010-02-09 08:12:37 2739773 -c--a-w- C:\ProgramData\{B8D53BEA-6377-4E04-8901-F6960C01E454}\Firefox-3.6-GMX-Edition.exe
2010-01-25 12:00:35 . 2010-02-24 08:01:17 471552 ----a-w- C:\Windows\system32\secproc_isv.dll
2010-01-25 12:00:35 . 2010-02-24 08:01:11 152576 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 . 2010-02-24 08:01:11 152064 ----a-w- C:\Windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 . 2010-02-24 08:01:16 471552 ----a-w- C:\Windows\system32\secproc.dll
2010-01-25 11:58:52 . 2010-02-24 08:01:11 332288 ----a-w- C:\Windows\system32\msdrm.dll
2010-01-25 08:21:20 . 2010-02-24 08:01:12 526336 ----a-w- C:\Windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 . 2010-02-24 08:01:11 346624 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 . 2010-02-24 08:01:11 518144 ----a-w- C:\Windows\system32\RMActivate.exe
2010-01-25 08:21:18 . 2010-02-24 08:01:11 347136 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 . 2010-02-24 08:01:31 2048 ----a-w- C:\Windows\system32\tzres.dll
2010-01-19 15:26:06 . 2010-01-19 15:26:06 74752 ----a-w- C:\Windows\ST6UNST.EXE
2010-01-14 08:09:51 . 2010-01-06 10:29:10 73728 ----a-w- C:\ProgramData\T-Home\MeineSoftware\updater\nfs.corestorage.dll
2010-01-14 08:09:51 . 2010-01-06 10:29:09 171152 ----a-w- C:\ProgramData\T-Home\MeineSoftware\updater\meinesoftwareupdate.exe
2008-10-31 07:59:52 . 2008-10-31 07:59:52 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 12:01:54 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01:54 1230080 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 12:01:54 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 12:01:54 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2009-04-10 22:28:04 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 12:37:58 174872]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 14:21:52 246504]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 23:57:28 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 13:57:56 948672]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2010-03-09 07:40:26 1286608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Scheid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=C:\Users\Scheid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3170 Scan2PC]
2009-06-11 23:10:18 503808 ----a-w- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57:56 948672 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57:28 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17:14 3342336 ----a-w- C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX Update]
2009-10-16 13:16:35 2229632 ----a-w- C:\Program Files\GMX\LiveUpdate\m2LUTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
2009-10-07 12:39:07 189824 ----a-w- C:\Program Files\Norman\Npm\Bin\Zlh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPCTray]
2009-10-07 13:16:43 128328 ----a-w- C:\Program Files\Norman\Npc\Bin\npc_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-12-09 14:49:38 606208 ----a-w- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17:12 434176 ----a-w- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,29,8a,c7,52,7b,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 07:28:01 135336]
R2 OsdService;OsdService;C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 16:01:50 53248]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 15:48:00 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15:48:00 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 15:48:00 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 15:48:00 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 15:48:00 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 15:48:00 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 15:48:00 109864]
R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;C:\Windows\system32\DRIVERS\SCR3XX2K.sys [2006-11-07 03:35:00 47488]
R3 STC2DFU;STCII DFU Adapter;C:\Windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 23:04:00 7796]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2009-02-05 17:38:24 212520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\Drivers\avgldx86.sys [2010-03-15 07:59:11 216200]
S1 AvgTdiX;AVG Free Network Redirector;C:\Windows\System32\Drivers\avgtdix.sys [2010-03-15 07:59:30 242696]
S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-07 14:01:32 25032]
S1 NPROSEC;Norman Security driver;C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2009-10-07 14:02:26 56136]
S2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-15 07:59:12 916760]
S2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-15 07:59:15 308064]
S2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2009-10-13 10:24:28 24168]
S2 NPROSECSVC;Norman Security service;C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 13:02:03 124232]
S2 NVOY;Norman Resource Provider;C:\Program Files\Norman\npm\bin\nvoy.exe [2009-10-07 13:04:02 128328]
S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 10:23:26 90112]
S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2007-08-13 19:51:12 5120]
S3 CEBFilter;CEBFilter;C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 15:20:00 5120]
S3 CEIO;CEIO;C:\Program Files\C&E\OSD\OsdService\ceio.sys [2007-08-31 15:18:06 4608]
S3 cKBFilter;cKBFilter;C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 13:22:26 7168]
S3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 12:38:30 46592]
S3 NPC;Norman Parental Control;C:\Program Files\Norman\npc\bin\npcsvc32.exe [2009-10-07 13:16:27 419200]
S3 nsesvc;Norman Scanner Engine Service;C:\Program Files\Norman\Nse\bin\NSESVC.EXE [2009-11-23 13:47:18 283976]
S3 NUAA;Norman User Activity Agent;C:\Program Files\Norman\npc\bin\nuaa.exe [2009-10-07 13:54:30 124232]
S3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-10-09 12:06:44 23392]
S3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2009-10-07 12:19:07 197960]
S3 Scheduler;Norman Scheduler Service;C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-10-07 13:59:27 132424]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-04-12 C:\Windows\Tasks\PCCT - MAGIX AG.job
- C:\PROGRA~1\MAGIX\PC_CHE~1\MxTray.exe [2009-12-12 18:17:18 . 2010-02-16 11:02:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.gmx.net
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - C:\Program Files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
LSP: C:\Program Files\Norman\npc\bin\nlf.dll
FF - ProfilePath - C:\Users\Scheid\AppData\Roaming\Mozilla\Firefox\Profiles\9tar9nvm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmx.net
FF - prefs.js: keyword.URL - hxxp://go.gmx.net/suchbox/gmxsuche?su=
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(GMX)");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

cosinus 12.04.2010 16:30

Um, the log is not complete! Please post the whole thing!!


But you can already do the following:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (download, on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista, right-click => run as administrator). Set the checkboxes at the bottom as shown:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Copy exactly the lines from the following code box:
Code:

Folders to delete:
C:\sh4ldr
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP

Files to delete:
C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
C:\Users\Scheid\AppData\Roaming\lakerda1967.sys

4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post here should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" question (system restart).

7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here.

scheider 12.04.2010 16:47

But that is everything that's in Combofix.txt.
I'll try the rest now.

cosinus 12.04.2010 16:52

Really nothing overlooked? :confused:
The log somehow ends so abruptly! :dummguck:

