Trojaner-Board - Trojan.BHO löschen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojan.BHO löschen (https://www.trojaner-board.de/91173-trojan-bho-loeschen.html)

Trojan.BHO löschen

Hallo,

hab mir blöderweise den Trojan.BHO eingefangen.

Malwarebytes zeigte mir drei Einträge (siehe mbam-log-2010-09-26 (08-20-47).txt ). 2 in der Registry und eine infizierte Datei.

In Internet (Forum Avira) gab es den Hinweis, die ICQ Toolbar zu deinstallieren. Das habe ich gemacht.
Die infizierte Datei ist nun weg, die Einträge in der Registry sind leider immer noch da, siehe das log von Malwarebytes (mbam-log-2010-09-26 (18-37-55).txt).

Hat jemand eine Idee, wie ich den Rechner sauber bekommen kann?

Danke!!!!!!

Viele Grüße
Trojanerin

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hallo Arne,

hier das log:OTL Logfile:

Code:

OTL logfile created on: 9/28/2010 8:22:35 PM - Run 1

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marit\Downloads

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,013.00 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 13.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 105.56 Gb Total Space | 29.77 Gb Free Space | 28.20% Space Free | Partition Type: NTFS

Drive D: | 6.23 Gb Total Space | 2.31 Gb Free Space | 37.03% Space Free | Partition Type: NTFS

Drive E: | 4.21 Gb Total Space | 4.21 Gb Free Space | 100.00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MARIT-PC

Current User Name: Administrator_1

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll File not found

SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll File not found

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)

SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)

DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (QCDonner) Labtec WebCam(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Labtec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/homehxxp://start.icq.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="

FF - prefs.js..browser.search.order.1: "GMX Suche"

FF - prefs.js..browser.search.order.2: "1und1 Suche"

FF - prefs.js..browser.search.order.3: "amazon.de"

FF - prefs.js..browser.search.order.4: "WEB.DE Suche"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.web.de"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.5

FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 23:58:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 17:14:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 20:09:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2009/06/22 08:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Extensions

[2010/01/23 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions

[2009/11/29 12:24:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/04/15 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/07/26 21:01:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/01/22 23:59:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010/01/22 23:59:19 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}

[2010/01/05 21:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Sunbird\Profiles\5shfxuur.default\extensions

[2010/01/23 00:00:18 | 000,005,599 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\1und1-suche.xml

[2010/01/23 00:00:17 | 000,001,381 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\amazonde.xml

[2010/01/23 00:00:17 | 000,010,613 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\gmx-suche.xml

[2008/05/28 08:57:47 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-1.xml

[2008/04/15 10:16:19 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-2.xml

[2008/04/15 10:19:43 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-3.xml

[2008/05/28 08:47:38 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-4.xml

[2009/11/29 12:24:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-5.xml

[2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.gif

[2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.src

[2009/07/13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.xml

[2009/07/26 21:01:08 | 000,001,632 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\live-search.xml

[2010/01/23 00:00:17 | 000,005,596 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\webde-suche.xml

[2010/09/26 09:39:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2007/10/29 11:12:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/07/26 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}

[2009/06/22 08:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

[2008/08/30 23:10:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2008/08/30 23:10:16 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2008/08/30 23:10:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2008/08/30 23:10:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2008/08/30 23:10:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found

O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Seite nicht gefunden | Facebook (Facebook Photo Uploader 5 Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab (MSN Photo Upload Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab (Windows Live Hotmail Photo Upload Tool)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010/09/25 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Roaming\Malwarebytes

[2010/09/25 21:01:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/25 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/25 21:00:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/25 20:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010/09/25 20:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6

[2010/09/25 19:59:00 | 000,000,000 | ---D | C] -- C:\Programme\AVG

[2010/09/16 15:08:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010/09/28 20:30:20 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/28 20:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job

[2010/09/28 20:22:15 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat

[2010/09/28 20:21:57 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TMContainer00000000000000000002.regtrans-ms

[2010/09/28 20:21:57 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TM.blf

[2010/09/28 20:13:01 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/09/28 20:11:18 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010/09/28 20:11:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/28 20:10:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/28 20:10:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/28 20:10:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/28 20:10:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/28 20:10:22 | 1063,280,640 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/27 13:33:03 | 001,525,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/27 13:33:03 | 000,663,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010/09/27 13:33:03 | 000,624,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/27 13:33:03 | 000,135,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010/09/27 13:33:03 | 000,111,432 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/25 18:52:23 | 588,990,017 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010/04/09 22:57:34 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini

[2010/01/18 11:12:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/11/29 11:47:14 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll

[2008/12/23 21:53:22 | 000,000,600 | ---- | C] () -- C:\Users\Administrator_1\AppData\Roaming\winscp.rnd

[2008/12/06 16:23:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2008/11/28 19:30:41 | 000,000,680 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\d3d9caps.dat

[2008/09/16 22:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll

[2008/09/16 22:15:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll

[2008/09/16 22:15:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll

[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2007/10/28 19:43:53 | 000,004,608 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/10/13 19:32:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\QSwitch.txt

[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DSwitch.txt

[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\AtStart.txt

[2007/07/05 08:08:18 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007/05/31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll

[2007/05/31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/02/27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/12/10 15:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll

[2006/11/04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll

[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/10/19 17:37:58 | 000,015,852 | ---- | C] () -- C:\Windows\System32\SETUP.INI

[2006/09/29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll

[2006/09/24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll

[2006/09/24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll

[2006/09/21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll

[2006/09/21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll

[2006/09/21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll

[2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll

[2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll

[2005/11/09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll

[2001/10/10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll

[2001/10/10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll

[2001/03/07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll

[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

< End of report >

--- --- ---

Viele Grüße
Martin

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found

O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Hallo Arne,

hier das Logfile, das ich bekommen habe, nachdem der Rechner neu gestartet ist:

All processes killed
========== OTL ==========
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully.
D:\AUTOMODE moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator_1
->Temp folder emptied: 1182790492 bytes
->Temporary Internet Files folder emptied: 96274306 bytes
->Java cache emptied: 13689524 bytes
->FireFox cache emptied: 5393012 bytes
->Flash cache emptied: 704 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mami
->Temp folder emptied: 2713688 bytes
->Temporary Internet Files folder emptied: 11188384 bytes
->FireFox cache emptied: 91749953 bytes
->Flash cache emptied: 680 bytes

User: Marit
->Temp folder emptied: 892233235 bytes
->Temporary Internet Files folder emptied: 528300447 bytes
->Java cache emptied: 12919479 bytes
->FireFox cache emptied: 47003853 bytes
->Flash cache emptied: 13533701 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 24270 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 703353790 bytes
RecycleBin emptied: 1724656018 bytes

Total Files Cleaned = 5,079.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09292010_204010

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gruß
Martin

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hallo Arne,

hier das log von Combofix:

Combofix Logfile:

Code:

ComboFix 10-09-30.01 - Administrator_1 30.09.2010  20:54:40.1.2 - x86

Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.49.1031.18.1013.242 [GMT 2:00]

ausgeführt von:: c:\users\Marit\Desktop\cofi.exe.exe

SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\system32\setup.ini
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))

.
 

2010-09-30 18:37 . 2010-09-30 18:45        --------        d-----w-        c:\program files\CCleaner

2010-09-29 18:40 . 2010-09-29 18:40        --------        d-----w-        C:\_OTL

2010-09-26 05:42 . 2010-09-26 05:42        --------        d-----w-        c:\users\Marit\AppData\Roaming\Malwarebytes

2010-09-25 19:03 . 2010-09-25 19:03        --------        d-----w-        c:\users\Administrator_1\AppData\Roaming\Malwarebytes

2010-09-25 19:01 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-25 19:01 . 2010-09-25 19:01        --------        d-----w-        c:\programdata\Malwarebytes

2010-09-25 19:00 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-09-25 18:58 . 2010-09-25 19:02        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-09-25 18:16 . 2010-09-26 07:40        --------        d-----w-        c:\program files\Trojancheck 6

2010-09-25 17:59 . 2010-09-25 17:59        --------        d-----w-        c:\program files\AVG

2010-09-16 13:08 . 2010-04-16 16:10        501760        ----a-w-        c:\windows\system32\usp10.dll

2010-09-16 13:08 . 2010-08-17 13:32        126464        ----a-w-        c:\windows\system32\spoolsv.exe

2010-09-16 13:08 . 2010-04-05 16:08        317952        ----a-w-        c:\windows\system32\MP4SDECD.DLL

2010-09-16 13:08 . 2010-05-27 19:16        738816        ----a-w-        c:\windows\system32\inetcomm.dll

2010-09-08 18:14 . 2010-06-20 02:21        214016        ----a-w-        c:\users\Marit\AppData\Roaming\Thunderbird\Profiles\kr2fu9cv.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-30 18:29 . 2008-07-09 20:09        --------        d-----w-        c:\users\Marit\AppData\Roaming\OpenOffice.org2

2010-09-30 13:34 . 2007-07-05 06:11        --------        d-----w-        c:\program files\Google

2010-09-30 12:28 . 2006-11-02 10:25        51200        ----a-w-        c:\windows\Inf\infpub.dat

2010-09-30 12:28 . 2006-11-02 10:25        143360        ----a-w-        c:\windows\Inf\infstrng.dat

2010-09-27 11:33 . 2006-11-02 15:38        663300        ----a-w-        c:\windows\system32\perfh007.dat

2010-09-27 11:33 . 2006-11-02 15:38        135254        ----a-w-        c:\windows\system32\perfc007.dat

2010-09-26 07:48 . 2008-05-18 17:45        --------        d-----w-        c:\program files\LyX15

2010-09-26 07:46 . 2007-07-05 04:58        --------        d--h--w-        c:\program files\InstallShield Installation Information

2010-09-26 07:46 . 2008-11-27 13:25        --------        d-----w-        c:\program files\Xpress2008A

2010-09-26 07:43 . 2008-11-15 11:14        --------        d-----w-        c:\programdata\Lavasoft

2010-09-25 09:00 . 2008-05-18 17:49        --------        d-----w-        c:\users\Marit\AppData\Roaming\lyx15

2010-09-16 20:00 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2010-09-08 18:09 . 2008-12-23 15:17        --------        d-----w-        c:\users\Marit\AppData\Roaming\Thunderbird

2010-09-08 18:09 . 2008-12-23 15:15        --------        d-----w-        c:\program files\Mozilla Thunderbird

2010-09-06 11:28 . 2008-04-15 08:15        --------        d-----w-        c:\program files\Microsoft Silverlight

2010-09-05 21:49 . 2008-01-16 10:12        --------        d-----w-        c:\users\Marit\AppData\Roaming\ICQ

2010-09-05 21:49 . 2010-01-18 08:57        --------        d-----w-        c:\users\Marit\AppData\Roaming\Skype

2010-09-05 20:27 . 2008-01-04 19:58        --------        d-----w-        c:\users\Marit\AppData\Roaming\ChessBase

2010-09-05 14:50 . 2010-01-18 09:11        --------        d-----w-        c:\users\Marit\AppData\Roaming\skypePM

2010-08-30 13:02 . 2010-08-10 15:18        --------        d-----w-        c:\users\Administrator_1\AppData\Roaming\Skype

2010-08-10 15:14 . 2010-03-09 11:11        --------        d-----w-        c:\programdata\NOS

2007-10-27 19:35 . 2007-10-27 19:35        22        --sha-w-        c:\windows\SMINST\HPCD.sys

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-12-04 366592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"UCam_Menu"="c:\program files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
 

c:\users\Marit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-12-15 6144]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1623168461-2455287914-1741078707-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001
 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 135664]

R3 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [2007-09-07 71208]

R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-03-17 30560]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23        452136        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners
 

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 09:12]
 

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 09:12]
 

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job

- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = www.web.de

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop

uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s

FF - ProfilePath - c:\users\Administrator_1\AppData\Roaming\Mozilla\Firefox\Profiles\papmkgx9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - www.web.de

FF - prefs.js: keyword.URL - hxxp://go.web.de/suchbox/webdesuche?su=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(WEB.DE)");

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-09-30 21:15

Windows 6.0.6001 Service Pack 1 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 
 

c:\users\ADMINI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 1
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2010-09-30  21:24:13

ComboFix-quarantined-files.txt  2010-09-30 19:24
 

Vor Suchlauf: 17 Verzeichnis(se), 36.995.567.616 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 37.208.956.928 Bytes frei
 

- - End Of File - - 39CBD109B88182CA0DA899A0DC35F584

--- --- ---

Viele Grüße
Martin

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Hallo Arne,

GMER ist abgestürzt.

Hier sind die logs von OSAM als html

HTML-Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>Report of OSAM: Autorun Manager v5.0.11926.0</title>
 <style type="text/css">

body

{

    margin                    : 10px 10px 10px 20px;

    color                     : #000000;

    background-color          : #fffbf0;

    font                      : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif;

    scrollbar-3dlight-color   : #fffbf0;

    scrollbar-arrow-color     : #000000;

    scrollbar-darkshadow-color: #000000;

    scrollbar-face-color      : #fffbf0;

    scrollbar-highlight-color : #000000;

    scrollbar-shadow-color    : #fffbf0;

    scrollbar-track-color     : #fffbf0;

}

a:link

{

    color: #e15616;

}

a:visited 

{

    color: #e15616;

}

a:hover

{

    color: #e4743f;

}

a:active

{

    color: #e4743f;

}

.header1

{

    font-size  : 115%;

    font-weight: bold;

    margin-left: 0px;

}

table

{

    border-collapse: collapse;

    border         : 1px solid #000000;

    cellpadding    : 0;

    cellspacing    : 0;

    width          : 90%;

}

td,th

{

    font-size     : 12px;

    color         : #000000;

    background    : #fffbf0;

    border        : 1px solid #000000;

    text-align    : left;

    vertical-align: top;

    padding       : 2px 4px 2px 4px;

}

.cap

{

    font-weight: bold;

    font-size  : 10pt;

    padding    : 2px 4px 2px 4px;

    border     : 1px solid #000000;

}

.group

{

    font-weight: bold;

    font-size  : 10pt;

    padding    : 2px 4px 2px 4px;

    text-align : center;

}

.reg

{

    font-weight: bold;

    font-size  : 10pt;

    border     : 0px none;

    padding    : 2px 4px 2px 4px;

}

.notfound

{

    background-color: #B3DDFF;

}

.blocked

{

    background-color: #FF96EB;

}

.nodetails

{

    background-color: #FFFF75;

}

.trusted

{

    background-color: #C8FFC8;

}

.rootkit

{

    background-color: #FF8696;

}

td.rs { text-align: center; vertical-align: center; font-family: courier; }

td.rs.rm { background: #F90424; title: "Malware"; }

td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; }

td.rs.rw { background: #F90424; title: "Unwanted"; }

td.rs.rs { background: #F90424; title: "Suspicious"; }

td.rs.rt { background: #21F411; title: "Trusted"; }

td.rs.rc { background: #21F411; title: "Checked"; }

td.rs.ry { background: #21F411; title: "Up-to-You"; }

td.rs.rr { background: #F6EB13; title: "Riskware"; }

td.rs.ru { background: #D4D0C8; title: "Unknown"; }

td.rs.rn { background: #FFFFFF; title: "Not checked"; }
 </style>
 </head>
 <body>
 <p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
 <a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br>

Saved at 20:48:27 on 01.10.2010</p>
 <b>OS</b>: Windows Vista Home Basic Edition Service Pack 1 (Build 6001), 32-bit<br>
 
 <b>Default Browser</b>: Mozilla Corporation Firefox 3.5.7<br>
 <br><b>Scanner Settings</b><br>
 <input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br>
 <input type="checkbox" disabled checked>Rootkits detection (hidden files)<br>
 <input type="checkbox" disabled checked>Retrieve files information<br>
 <input type="checkbox" disabled checked>Check Microsoft signatures<br>
 <br><b>Filters</b><br>
 <input type="checkbox" disabled>Trusted entries<br>
 
 <input type="checkbox" disabled>Empty entries<br>
 <input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br>
 <input type="checkbox" disabled checked>Exclusively opened files<br>
 <input type="checkbox" disabled checked>Not found files<br>
 <input type="checkbox" disabled checked>Files without detailed information<br>
 <input type="checkbox" disabled checked>Existing files<br>
 <input type="checkbox" disabled>Non-startable services<br>
 <input type="checkbox" disabled>Non-startable drivers<br>
 <input type="checkbox" disabled checked>Active entries<br>
 
 <input type="checkbox" disabled checked>Disabled entries<br>
 <br>
 <table border="1" cellpadding="0" cellspacing="0">
 <tr>
 <th class="cap" width="20">&nbsp;</th>
 <th class="cap">Risk</th>
 <th class="cap">Name</th>
 <th class="cap">Publisher</th>
 <th class="cap">Full Path</th>
 <th class="cap">Status</th>
 </tr>
 
 <tr>
 <td class="group" colspan="6">Common</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">%SystemRoot%\Tasks</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"GoogleUpdateTaskMachineCore.job"</td>
 <td>"Google Inc."</td>
 <td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"GoogleUpdateTaskMachineUA.job"</td>
 <td>"Google Inc."</td>
 <td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 
 <td class="group" colspan="6">Drivers</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"catchme" (catchme)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys</td>
 <td class="notfound">File not found</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"Cisco Systems Inc. IPSec Driver" (CVPNDRVA)</td>
 <td>"Cisco Systems, Inc."</td>
 <td>C:\Windows\system32\Drivers\CVPNDRVA.sys</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>"FssFltr" (fssfltr)</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Windows\System32\DRIVERS\fssfltr.sys</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"IP in IP Tunnel Driver" (IpInIp)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Windows\System32\DRIVERS\ipinip.sys</td>
 
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"IPX Traffic Filter Driver" (NwlnkFlt)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Windows\System32\DRIVERS\nwlnkflt.sys</td>
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 
 <td class="notfound">"IPX Traffic Forwarder Driver" (NwlnkFwd)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Windows\System32\DRIVERS\nwlnkfwd.sys</td>
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"PxHelp20" (PxHelp20)</td>
 <td>"Sonic Solutions"</td>
 <td>C:\Windows\System32\Drivers\PxHelp20.sys</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"USB PC Camera (SNPSTD3)" (SNPSTD3)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Windows\System32\DRIVERS\snpstd3.sys</td>
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 <td class="group" colspan="6">Explorer</td>
 
 </tr>
 <tr>
 <td class="reg" colspan="6">HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Carpetas Web"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel"</td>
 <td>"Hewlett-Packard Company"</td>
 <td>"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td>
 <td>"Adobe Systems, Inc."</td>
 <td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class"</td>
 <td>"Tracker Software Products Ltd."</td>
 <td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"</td>
 <td></td>
 <td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"</td>
 
 <td>"Skype Technologies"</td>
 <td>C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{828030A1-22C1-4009-854F-8E305202313F} "livecall"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{828030A1-22C1-4009-854F-8E305202313F} "msnim"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"</td>
 
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Mail\mailcomm.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"</td>
 <td class="notfound"></td>
 
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"</td>
 <td>"Igor Pavlov"</td>
 <td>C:\Program Files\7-Zip\7-zip.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 
 <td class="notfound">{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Mail\mailcomm.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder"</td>
 
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 
 <td class="rs rt">||||||</td>
 <td>{0006F045-0000-0000-C000-000000000046} "Extensión de iconos de archivo de Outlook"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"</td>
 <td class="notfound"></td>
 
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
 <td>File exists</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler"</td>
 <td></td>
 <td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler"</td>
 <td></td>
 <td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 
 <td class="rs rt">||||||</td>
 <td>{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler"</td>
 <td></td>
 <td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer"</td>
 <td></td>
 
 <td>C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider"</td>
 <td>"Tracker Software Products Ltd."</td>
 <td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler"</td>
 <td>"Tracker Software Products Ltd."</td>
 <td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider"</td>
 <td>"Tracker Software Products Ltd."</td>
 <td>C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"</td>
 <td class="notfound"></td>
 
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF"</td>
 <td>"XSS"</td>
 <td>C:\Windows\System32\ShellvRTF.dll</td>
 <td>File exists</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim"</td>
 <td>"Microsoft Corporation"</td>
 
 <td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim"</td>
 <td>"Microsoft Corporation"</td>
 
 <td>C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 
 <td class="rs rt">||||||</td>
 <td>{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}"</td>
 <td class="notfound"></td>
 
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="group" colspan="6">Internet Explorer</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td><binary data> "&Windows Live Toolbar"</td>
 
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Toolbar\wltcore.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound"><binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 
 </tr>
 <tr>
 <td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"{855F3B16-6D32-4fe6-8A56-BBB695989046}"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control"<br>hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab</td>
 
 <td>"The Facebook"</td>
 <td>C:\Windows\Downloaded Program Files\PhotoUploader5.ocx</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control"<br>hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab</td>
 <td>"The Facebook"</td>
 <td>C:\Windows\Downloaded Program Files\PhotoUploader55.ocx</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab</td>
 <td>"Sun Microsystems, Inc."</td>
 <td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
 <td>File exists</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab</td>
 <td>"Sun Microsystems, Inc."</td>
 <td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 
 <td>{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab</td>
 <td>"Sun Microsystems, Inc."</td>
 <td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab</td>
 
 <td>"Sun Microsystems, Inc."</td>
 <td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab</td>
 <td>"Sun Microsystems, Inc."</td>
 <td>C:\Program Files\Java\jre6\bin\npjpi160_17.dll</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class"<br>hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll</td>
 <td>File exists</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool"<br>hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab</td>
 <td>"Microsoft® Corporation"</td>
 <td>C:\Windows\Downloaded Program Files\MsnPUpld.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 
 <td>{E77F23EB-E7AB-4502-8F37-247DBAF1A147} "Windows Live Hotmail Photo Upload Tool"<br>hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab</td>
 <td>"Microsoft® Corporation"</td>
 <td>C:\Windows\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"<br>hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</td>
 <td class="notfound"></td>
 
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Agregar entrada"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"PDFill PDF Editor"</td>
 <td>"PlotSoft LLC"</td>
 <td>C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 
 <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td><binary data> "&Windows Live Toolbar"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Toolbar\wltcore.dll</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 
 <td class="rs rt">||||||</td>
 <td>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader"</td>
 <td>"Adobe Systems Incorporated"</td>
 <td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"</td>
 
 <td>"Sun Microsystems, Inc."</td>
 <td>C:\Program Files\Java\jre6\bin\jp2ssv.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td>{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class"</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Family Safety\fssbho.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper"</td>
 
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Toolbar\wltcore.dll</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{055FD26D-3A88-4e15-963D-DC8493744B1D} "{055FD26D-3A88-4e15-963D-DC8493744B1D}"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}"</td>
 <td class="notfound"></td>
 <td class="notfound"></td>
 <td class="notfound">File not found | COM-object registry key not found</td>
 </tr>
 <tr>
 <td class="group" colspan="6">Logon</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"desktop.ini"</td>
 <td></td>
 <td>C:\Users\Administrator_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"desktop.ini"</td>
 <td></td>
 <td>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"Microsoft Office.lnk"</td>
 
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Microsoft Office\Office\OSA9.EXE</td>
 <td>Shortcut exists | File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"VPN Client.lnk"</td>
 <td>"Cisco Systems, Inc."</td>
 <td>C:\Program Files\Cisco Systems\VPN Client\vpngui.exe</td>
 
 <td>Shortcut exists | File exists</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"LightScribe Control Panel"</td>
 <td>"Hewlett-Packard Company"</td>
 <td>C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden</td>
 
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"Skype"</td>
 <td>"Skype Technologies S.A."</td>
 <td>"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized</td>
 <td>File exists</td>
 </tr>
 <tr>
 
 <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"StartupPrograms"</td>
 <td class="notfound"></td>
 <td class="notfound">rdpclip</td>
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"Adobe Reader Speed Launcher"</td>
 <td>"Adobe Systems Incorporated"</td>
 <td>"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 
 <td>"FreePDF Assistant"</td>
 <td>"shbox.de"</td>
 <td>C:\Program Files\FreePDF_XP\fpassist.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"fssui"</td>
 <td>"Microsoft Corporation"</td>
 
 <td>"C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"HP Health Check Scheduler"</td>
 <td>"Hewlett-Packard"</td>
 <td>C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"HP Software Update"</td>
 <td>"Hewlett-Packard Co."</td>
 <td>C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 
 <td>"hpWirelessAssistant"</td>
 <td>"Hewlett-Packard Development Company, L.P."</td>
 <td>%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"LifeCam"</td>
 <td>"Microsoft Corporation"</td>
 
 <td>"C:\Program Files\Microsoft LifeCam\LifeExp.exe"</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"QPService"</td>
 <td>"CyberLink Corp."</td>
 <td>"C:\Program Files\HP\QuickPlay\QPService.exe"</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"SunJavaUpdateSched"</td>
 <td>"Sun Microsystems, Inc."</td>
 <td>"C:\Program Files\Java\jre6\bin\jusched.exe"</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 
 <td>"UCam_Menu"</td>
 <td>"CyberLink Corp."</td>
 <td>"C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"WAWifiMessage"</td>
 <td>"Hewlett-Packard Development Company, L.P."</td>
 
 <td>%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td>"Launcher"</td>
 <td>"soft thinks"</td>
 
 <td>%WINDIR%\SMINST\launcher.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="group" colspan="6">Print Monitors</td>
 </tr>
 <tr>
 <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>"KM Language Monitor"</td>
 <td>"KYOCERA MITA Corporation"</td>
 <td>C:\Windows\system32\KMPJLMN.DLL</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"KM USB Port"</td>
 <td>"KYOCERA MITA"</td>
 
 <td>C:\Windows\system32\KM-PMKN.DLL</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"PDFill Writer Monitor"</td>
 <td>"Windows (R) Codename Longhorn DDK provider"</td>
 <td>C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td class="nodetails"><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td class="nodetails">"Redirected Port"</td>
 <td class="nodetails"></td>
 <td class="nodetails">C:\Windows\system32\redmonnt.dll</td>
 <td class="nodetails">File found, but it contains no detailed information</td>
 </tr>
 <tr>
 <td class="group" colspan="6">Services</td>
 </tr>
 
 <tr>
 <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400)</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe</td>
 <td>File exists</td>
 </tr>
 
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"Cisco Systems, Inc. VPN Service" (CVPND)</td>
 <td>"Cisco Systems, Inc."</td>
 <td>C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>"Com4Qlb" (Com4Qlb)</td>
 <td>"Hewlett-Packard Development Company, L.P."</td>
 <td>C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"Google Software Updater" (gusvc)</td>
 <td>"Google"</td>
 
 <td>C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"Google Update Service (gupdate)" (gupdate)</td>
 <td>"Google Inc."</td>
 <td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td class="nodetails"><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td class="nodetails">"Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope" (HRService)</td>
 <td class="nodetails"></td>
 <td class="nodetails">C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe</td>
 <td class="nodetails">File found, but it contains no detailed information</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>"HP Health Check Service" (HP Health Check Service)</td>
 <td>"Hewlett-Packard"</td>
 <td>C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"hpqwmiex" (hpqwmiex)</td>
 <td>"Hewlett-Packard Development Company, L.P."</td>
 
 <td>C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs ry">||||&nbsp;&nbsp;</td>
 <td>"InstallDriver Table Manager" (IDriverT)</td>
 <td>"Macrovision Corporation"</td>
 <td>C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"LightScribeService Direct Disc Labeling Service" (LightScribeService)</td>
 <td>"Hewlett-Packard Company"</td>
 <td>C:\Program Files\Common Files\LightScribe\LSSrvc.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"MSCamSvc" (MSCamSvc)</td>
 <td>"Microsoft Corporation"</td>
 
 <td>C:\Program Files\Microsoft LifeCam\MSCamS32.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"Net Driver HPZ12" (Net Driver HPZ12)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Windows\system32\HPZinw12.dll</td>
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 
 <td class="notfound"><input type="checkbox" disabled checked></td>
 <td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
 <td class="notfound">"Pml Driver HPZ12" (Pml Driver HPZ12)</td>
 <td class="notfound"></td>
 <td class="notfound">C:\Windows\system32\HPZipm12.dll</td>
 <td class="notfound">File not found</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"RoxMediaDB9" (RoxMediaDB9)</td>
 <td>"Sonic Solutions"</td>
 
 <td>C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"SeaPort" (SeaPort)</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe</td>
 <td>File exists</td>
 
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 <td>"Servicio de Windows Live Protección infantil" (fsssvc)</td>
 <td>"Microsoft Corporation"</td>
 <td>C:\Program Files\Windows Live\Family Safety\fsssvc.exe</td>
 <td>File exists</td>
 </tr>
 <tr>
 <td><input type="checkbox" disabled checked></td>
 <td class="rs rt">||||||</td>
 
 <td>"stllssvr" (stllssvr)</td>
 <td>"MicroVision Development, Inc."</td>
 <td>C:\Program Files\Common Files\SureThing Shared\stllssvr.exe</td>
 <td>File exists</td>
 </tr>
 </table>
 <p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p>
 </body></html>

und der Output von bootkit remover (Console)

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 600
1), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

Viele Grüße
Martin

Zusätzlich noch das Log von bootkit remover als zip.

Zitat:

Hier sind die logs von OSAM als html

Wieso als html? In der Anleitung steht doch, Du sollst es als *.log abspeichern! Ich mein ich kann es so auch lesen, aber wieso befolgst Du nicht die Anleitung?

Wie dem auch sei, das OSAM-Log ist ok.

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hallo Arne,

die Funktion speichern als *.log habe ich nicht gefunden, darum habe ich den html-code gepostet.

Die MBRCheck_<Datum>_<Uhrzeit>.txt-Datei liegt leider auch nicht auf meinem Desktop, irgendetwas scheine ich falsch zu machen :(

Hier der log-Output von der Console, ich hoffe, der hilft Dir weiter:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G7000 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`63d9a800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Danke und Gruß
Martin

Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).
Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

Hallo Arne,

hab ich gemacht.

Malwarebytes zeigt jetzt noch einen infizierten Key an:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4693

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/7/2010 10:27:27 PM
mbam-log-2010-10-07 (22-27-27).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 820001
Time elapsed: 1 hour(s), 55 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL sagt folgendes:OTL Logfile:

Code:

OTL logfile created on: 10/7/2010 10:28:44 PM - Run 2

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marit\Downloads

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,013.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 11.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 105.56 Gb Total Space | 49.18 Gb Free Space | 46.59% Space Free | Partition Type: NTFS

Drive D: | 6.23 Gb Total Space | 2.31 Gb Free Space | 37.03% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MARIT-PC

Current User Name: Administrator_1

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Marit\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll File not found

SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll File not found

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)

SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe ()

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)

DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (QCDonner) Labtec WebCam(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Labtec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.web.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="

FF - prefs.js..browser.search.order.1: "GMX Suche"

FF - prefs.js..browser.search.order.2: "1und1 Suche"

FF - prefs.js..browser.search.order.3: "amazon.de"

FF - prefs.js..browser.search.order.4: "WEB.DE Suche"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.web.de"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.5

FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 23:58:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 17:14:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 20:09:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2009/06/22 08:04:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Extensions

[2010/01/23 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions

[2009/11/29 12:24:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/04/15 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/07/26 21:01:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/01/22 23:59:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010/01/22 23:59:19 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Firefox\Profiles\papmkgx9.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}

[2010/01/05 21:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator_1\AppData\Roaming\mozilla\Sunbird\Profiles\5shfxuur.default\extensions

[2010/01/23 00:00:18 | 000,005,599 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\1und1-suche.xml

[2010/01/23 00:00:17 | 000,001,381 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\amazonde.xml

[2010/01/23 00:00:17 | 000,010,613 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\gmx-suche.xml

[2008/05/28 08:57:47 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-1.xml

[2008/04/15 10:16:19 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-2.xml

[2008/04/15 10:19:43 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-3.xml

[2008/05/28 08:47:38 | 000,000,949 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-4.xml

[2009/11/29 12:24:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin-5.xml

[2008/03/31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.gif

[2008/03/31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.src

[2009/07/13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\icqplugin.xml

[2009/07/26 21:01:08 | 000,001,632 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\live-search.xml

[2010/01/23 00:00:17 | 000,005,596 | ---- | M] () -- C:\Users\Administrator_1\AppData\Roaming\Mozilla\FireFox\Profiles\papmkgx9.default\searchplugins\webde-suche.xml

[2010/09/30 20:47:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2007/10/29 11:12:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/07/26 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010/01/22 23:58:30 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}

[2009/06/22 08:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

[2008/08/30 23:10:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2008/08/30 23:10:16 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2008/08/30 23:10:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2008/08/30 23:10:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2008/08/30 23:10:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010/09/30 21:15:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab (MSN Photo Upload Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldes-es.cab (Windows Live Hotmail Photo Upload Tool)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010/09/30 21:24:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/09/30 21:24:16 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/09/30 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Local\temp

[2010/09/30 20:48:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/09/30 20:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/09/30 20:48:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/09/30 20:48:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/09/30 20:48:47 | 000,000,000 | ---D | C] -- C:\cofi.exe

[2010/09/30 20:47:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/09/30 20:46:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/09/30 20:37:45 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010/09/30 15:06:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/09/29 20:40:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/09/25 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator_1\AppData\Roaming\Malwarebytes

[2010/09/25 21:01:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/25 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/25 21:00:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/25 20:58:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010/09/25 20:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6

[2010/09/25 19:59:00 | 000,000,000 | ---D | C] -- C:\Programme\AVG

[2010/09/16 15:08:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2010/10/07 22:30:25 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/07 22:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31F8CAE6-055C-43D5-B8F6-50CBD77521FE}.job

[2010/10/07 22:28:47 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat

[2010/10/07 22:28:30 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TMContainer00000000000000000002.regtrans-ms

[2010/10/07 22:28:30 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator_1\ntuser.dat{afbd2641-863b-11dd-bcdd-ebf3f1ad6977}.TM.blf

[2010/10/07 21:49:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/07 21:49:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/07 19:51:32 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/10/07 19:50:21 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/07 19:49:50 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010/10/07 19:49:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/07 19:49:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/07 19:49:13 | 1061,216,256 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/01 20:48:05 | 000,044,756 | ---- | M] () -- C:\Users\Administrator_1\Desktop\osam.html

[2010/10/01 20:35:02 | 207,754,849 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/09/30 21:27:06 | 002,271,579 | -H-- | M] () -- C:\Users\Administrator_1\AppData\Local\IconCache.db

[2010/09/30 21:15:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/09/30 21:15:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/09/30 20:46:17 | 000,000,512 | ---- | M] () -- C:\Users\Administrator_1\Documents\cc_20100930_204611.reg

[2010/09/30 20:45:15 | 000,000,804 | ---- | M] () -- C:\Users\Administrator_1\Desktop\CCleaner.lnk

[2010/09/30 20:41:28 | 000,211,702 | ---- | M] () -- C:\Users\Administrator_1\Documents\cc_20100930_204112.reg

[2010/09/30 15:35:48 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/09/27 13:33:03 | 001,525,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/27 13:33:03 | 000,663,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010/09/27 13:33:03 | 000,624,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/27 13:33:03 | 000,135,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010/09/27 13:33:03 | 000,111,432 | ---- | M] () -- C:\Windows\System32\perfc009.dat

 
 ========== Files Created - No Company Name ==========

 

[2010/10/01 20:46:57 | 000,044,756 | ---- | C] () -- C:\Users\Administrator_1\Desktop\osam.html

[2010/10/01 20:33:51 | 207,754,849 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/09/30 20:48:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/09/30 20:48:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/09/30 20:48:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/09/30 20:48:59 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/09/30 20:48:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/09/30 20:46:15 | 000,000,512 | ---- | C] () -- C:\Users\Administrator_1\Documents\cc_20100930_204611.reg

[2010/09/30 20:45:15 | 000,000,804 | ---- | C] () -- C:\Users\Administrator_1\Desktop\CCleaner.lnk

[2010/09/30 20:41:18 | 000,211,702 | ---- | C] () -- C:\Users\Administrator_1\Documents\cc_20100930_204112.reg

[2010/09/30 15:35:47 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/04/09 22:57:34 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini

[2010/01/18 11:12:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/11/29 11:47:14 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll

[2008/12/23 21:53:22 | 000,000,600 | ---- | C] () -- C:\Users\Administrator_1\AppData\Roaming\winscp.rnd

[2008/12/06 16:23:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2008/11/28 19:30:41 | 000,000,680 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\d3d9caps.dat

[2008/09/16 22:15:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll

[2008/09/16 22:15:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll

[2008/09/16 22:15:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll

[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2007/10/28 19:43:53 | 000,004,608 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/10/13 19:32:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\QSwitch.txt

[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\DSwitch.txt

[2007/10/13 19:22:03 | 000,000,000 | ---- | C] () -- C:\Users\Administrator_1\AppData\Local\AtStart.txt

[2007/07/05 08:08:18 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007/05/31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll

[2007/05/31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/02/27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/12/10 15:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll

[2006/11/04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll

[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll

[2006/09/24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll

[2006/09/24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll

[2006/09/21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll

[2006/09/21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll

[2006/09/21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll

[2005/11/09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll

[2005/11/09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll

[2005/11/09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll

[2001/10/10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll

[2001/10/10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll

[2001/03/07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll

[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

< End of report >

--- --- ---

Wie geht's nun weiter?

Danke und Gruß
Martin

Nach dem mbr-fix brauch ich eines neues Log von mbrcheck

Hallo Arne,

hier das log von mbrcheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G7000 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`63d9a800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
Press ENTER to exit...

Gruß
Martin

Zitat:

Database version: 4693

Du hast Malwarebytes vorhin nicht aktualisiert!
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hallo Arne,

hier sind die Logs der Vollscans mit Update-Stand letzter Sonntag (10.10). Da die Scans entsprechend lang brauchten, konnte ich sie nicht am gleichen Tag laufen lassen. Ich hoffe, das ist ok so.

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4788

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10.10.2010 18:13:53
mbam-log-2010-10-10 (18-13-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 859677
Laufzeit: 3 Stunde(n), 53 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 10/12/2010 at 03:14 PM

Application Version : 4.44.1000

Core Rules Database Version : 5662
Trace Rules Database Version: 3474

Scan type : Complete Scan
Total Scan Time : 07:29:47

Memory items scanned : 647
Memory threats detected : 0
Registry items scanned : 8867
Registry threats detected : 0
File items scanned : 694063
File threats detected : 269

Adware.Tracking Cookie
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@atdmt[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@serving-sys[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@atdmt[3].txt
C:\Users\Mami\AppData\Roaming\Microsoft\Windows\Cookies\mami@atdmt[2].txt
C:\Users\Mami\AppData\Roaming\Microsoft\Windows\Cookies\mami@doubleclick[1].txt
Free Porn, Porn Tube, Free Porn Videos, Sex Movie, Porn - FreePorn.com [ C:\Users\Marit\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BTHM8CVN ]
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@1215porn[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@a1.xxx-testen[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@a2.adserver01[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@a3.adserver01[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@a3.adserver01[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@a6.adserver01[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@a8.xxx-testen[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.71i[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.adnet[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.adtoma[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.gesundheit[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.hospitalscout[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.salebroker[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.salebroker[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.trackbar[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.yieldmanager[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad.yn-ads[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad1.emediate[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ad2.doublepimp[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adbrite[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adcentriconline[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adfarm1.adition[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adinterax[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adinterax[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@admanager.trackset[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adopt.euroclick[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adopt.euroclick[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adrevolver[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adrevolver[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.adgoto[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.admediate[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.beleader[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.crakmedia[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.dlx[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.evendi[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.familymedia[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.heias[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.jfmedia[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.madisonavenue[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.monster[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.pointroll[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.quartermedia[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.us.e-planning[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.widgetbucks[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads.wwe[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads2.weblogssl[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads2.wwe[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ads3.grupolatinoderadio[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.71i[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.easyadult[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.easyad[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.easyad[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.hispavista[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.hobbyschneiderin[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.jugendherberge[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.spctl[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.terra[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adserver.terra[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adtech[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adultadworld[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adultcomix[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adulttraffsale[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@adulttubetraffic[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@advertising[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@aimfar.solution.weborama[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@allesklarcomag.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@apm.emediate[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@apodiscounter[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@arcor.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@atwola[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@audiag.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@axelspringer.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@babyuniverse.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@banner.testberichte[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@bfast[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@bizrate[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@bluestreak[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@bluestreak[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@blume2000.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@box1.counter-service[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@cetelem.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@chokertraffic[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@clickbank[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@clicks.adengage[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@count.xhit[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@counter.spd-hamburg[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@counter11.sextracker[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@counter4.sextracker[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@counter8.sextracker[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@cunda.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@data.coremetrics[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@dynamic.media.adrevolver[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@eas.apm.emediate[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@easyadservice[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@economista.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ehg-petitbateau.hitbox[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@euros4click[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@exoclick[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@fastclick[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@files.streamsex[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@findix[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@free-sexy-clips[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@freefuckvidz[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@freesexdoor[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@galleries.adult-empire[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@galleries1.adult-empire[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@germanwings.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@groupmtrack[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@hansenet.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@hasenet.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@heidenheim.findix[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@hentaicounter[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@hitbox[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@hotelesriu.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@iberiacom.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@imrworldwide[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@indextools[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@jp-sex[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@komtrack[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@lasmejoresgaleriasporno[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@likecrack[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@linksynergy[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@loadxl.exelator[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@maxis.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@maxporn[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@maxporn[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@media.adrevolver[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@media.intelia[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@media.sensis.com[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@mediaplex[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@msnportal.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@msnportal.112.2o7[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@myxxxuniforms[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@opodo.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@ottogroup.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@overture[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@partners.webmasterplan[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@partypoker[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@porn2[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornbase[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornhub[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornobrutal[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornoinside[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornomovies[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornorama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@pornstardatabase[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@porntele[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@portalporno[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@qksrv[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@realmedia-la[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@revsci[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@richmedia.yahoo[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@roitracking[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@secretxxxvideo[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sensismediasmart.com[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@servedby.onlinemediadiva[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@server.cpmstar[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@serving-sys[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sevenoneintermedia.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sex.magicmovies[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexblatt[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexlist[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexocontumovil[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexsearchcom[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexthe[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sextracker[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexuria[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexxxtoob[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sexyclips[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@siemenscc.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@simyo.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@sixtgmbh.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@snapfish.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@socialmedia[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@socialmedia[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@softonic.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@specificclick[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@spoxgmbh.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@stat.onestat[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@statcounter[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@stats.searchtrack[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@statse.webtrendslive[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@streamsex[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@test.coremetrics[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@thepornboom[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@thomascookag.122.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@toplist[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@track.adform[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@track.webtrekk[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@track.webtrekk[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@track.webtrekk[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@track.webtrekk[4].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tracker.argutus[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tracking.11880[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tracking.11880[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tracking.3gnet[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@trackmatics[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tracknet.twyn[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tradedoubler[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tradedoubler[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@traffic.mpnrs[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@trafficroup[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@traffictrack[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@traffictrack[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tto2.traffictrack[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@tuporno[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@video.pornorama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@videoegg.adbureau[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@videospornosalma[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@vitaldent.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@webmasterplan[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.3dstats[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.adultfilmdatabase[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.burstnet[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.disney-sex[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.elpornoadicto[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.etracker[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.googleadservices[10].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.googleadservices[11].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.googleadservices[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.googleadservices[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.googleadservices[4].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.hornyteensporn[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.lasmejoresgaleriasporno[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.netdebit-counter[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.pornbase[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.pornhub[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.pornobrutal[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.pornorama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.pornstardatabase[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.pro-advertise[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sexocontumovil[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sexsearchcom[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sextasya[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sextasya[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sexualhentai[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sexuria[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sexyclips[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.sexyclips[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.streamsex[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.thesextubesite[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.traffictrack[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.xxx-testen[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www.zanox-affiliate[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www7.addfreestats[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@www8.addfreestats[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@x.doctoradventuresexmovies[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@xiti[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@yadro[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@yoigo.solution.weborama[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@zanox-affiliate[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@zanox-affiliate[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\Low\marit@zanox[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@ad.yieldmanager[2].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@advertising[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@atwola[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@bs.serving-sys[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@doubleclick[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@doubleclick[3].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@insightexpressai[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@sevenoneintermedia.112.2o7[1].txt
C:\Users\Marit\AppData\Roaming\Microsoft\Windows\Cookies\marit@weborama[2].txt

Gruß
Martin

Sieht ok aus, da wurden nur Cookies und ein Registryüberrest gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Hi Arne,

cool, heisst das, der Rechner wäre wieder sauber?

Vielen, vielen Dank!!

Ist es möglich, den Registry Überrest zu löschen oder soll ich den bis auf Weiteres ignorieren?

Viele Grüße
Martin

Zitat:

Ist es möglich, den Registry Überrest zu löschen oder soll ich den bis auf Weiteres ignorieren?

Was meinst Du da genau? :confused:

Hallo Arne,

ich meinte diesen Key:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Gibt es ein Risiko, wenn er im System verbleibt und könnte ich ihn einfach löschen?

Gruß
Martin

Den kannste einfach löschen

Hallo Arne,

super und nochmals herzlichen Dank für Deine Unterstützung!

Gruß
Martin

Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.