Trojaner-Board


bibamus 19.04.2011 17:19

I also have the problem with TR/Kazy.mekml.1
 
Hello, I also have the problem with the trojan TR/Kazy.mekml.1.
Unfortunately I don't know much about all this stuff, and I hope one of you can help me step by step. unhide has already done a good job, but somehow I think the computer is still not completely clean.
Many thanks in advance.

markusg 19.04.2011 17:23

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both

bibamus 19.04.2011 17:41

OK, the scan is running, I'll be back in a moment... thanks for helping me.

bibamus 19.04.2011 17:49

I also have another problem: the user interface of the START function in Vista has completely changed and looks outdated. Is that because of the trojan, or did I change a setting somewhere?

markusg 19.04.2011 18:09

It is because of the trojan.
Please refrain from posts like "I'll be done in a moment"; just post when you are ready, then I don't have to open your thread and waste time reading posts that don't get us anywhere :-)

bibamus 19.04.2011 18:12

OK, here is the OTL editor for a start.
OTL Logfile:
Code:

OTL logfile created on: 19.04.2011 18:40:55 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Mario Kronz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,30 Gb Total Space | 99,71 Gb Free Space | 45,05% Space Free | Partition Type: NTFS
Drive D: | 11,58 Gb Total Space | 2,18 Gb Free Space | 18,86% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT | User Name: Mario Kronz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Mario Kronz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Mario Kronz\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (cpextender) -- C:\Programme\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acedrv06) -- C:\Windows\System32\drivers\acedrv06.sys (Protect Software GmbH)
DRV - (acedrv05) -- C:\Windows\System32\drivers\acedrv05.sys (Protect Software GmbH)
DRV - (acedrv04) -- C:\Windows\System32\drivers\acedrv04.sys (Protect Software GmbH)
DRV - (acedrv03) -- C:\Windows\System32\drivers\acedrv03.sys (ACE GmbH)
DRV - (acedrv02) -- C:\Windows\System32\drivers\acedrv02.sys (ACE GmbH)
DRV - (acedrv01) -- C:\Windows\System32\drivers\acedrv01.sys (ACE GmbH)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH)
DRV - (VNA) -- C:\Windows\System32\drivers\vna.sys (Check Point Software Technologies)
DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 CC E1 B8 79 FA CB 01  [binary data]
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.04.11 19:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.19 17:46:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.27 20:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.19 18:08:22 | 000,000,000 | ---D | M]
 
[2009.05.17 17:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario Kronz\AppData\Roaming\mozilla\Extensions
[2011.03.17 23:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario Kronz\AppData\Roaming\mozilla\Firefox\Profiles\zwysk8tw.default\extensions
[2010.07.13 20:53:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mario Kronz\AppData\Roaming\mozilla\Firefox\Profiles\zwysk8tw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.20 18:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.28 21:33:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.04 22:00:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.20 18:06:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.04.28 21:33:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.04 22:00:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.20 18:06:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.04.11 19:40:05 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2010.10.12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CCMSDK.dll
[2010.10.12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll
[2010.10.12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll
[2010.10.12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll
[2010.10.12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll
[2010.07.14 02:05:12 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.14 02:05:12 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.14 02:05:12 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.14 02:05:13 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.14 02:05:13 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync]  File not found
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync]  File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &Wikipedia - C:\Programme\QPedia\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3518476700-3390028175-3913548786-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.184.97
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.19 18:05:59 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.04.19 18:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.04.19 18:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.04.19 18:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.04.19 18:01:13 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2011.04.19 18:00:42 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2011.04.19 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011.04.18 00:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.17 23:49:26 | 000,000,000 | ---D | C] -- C:\Users\Mario Kronz\Documents\Simply Super Software
[2011.04.17 23:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.04.17 23:49:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.04.17 23:48:59 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2011.04.17 23:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mario Kronz\AppData\Roaming\Simply Super Software
[2011.04.17 23:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.04.17 22:09:10 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.17 22:09:09 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.17 22:09:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.17 22:09:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.17 22:09:08 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.17 22:09:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.17 22:09:08 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.17 22:09:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.17 22:09:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.17 22:09:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.17 22:09:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.17 22:09:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.17 22:09:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.17 22:09:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.17 22:09:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.17 22:09:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.17 22:09:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.17 22:09:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.17 22:09:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.17 22:09:05 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.17 22:09:05 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.17 22:09:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.17 22:09:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.17 22:09:05 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.17 22:09:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.17 22:09:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.17 22:09:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.17 22:09:03 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.17 22:09:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.17 22:09:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.17 22:09:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.17 22:09:02 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.17 22:09:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.17 22:09:02 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.17 22:09:02 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.17 22:09:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.17 22:09:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.17 22:09:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.17 22:09:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.17 21:37:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.17 20:22:05 | 000,000,000 | ---D | C] -- C:\Users\Mario Kronz\AppData\Roaming\Malwarebytes
[2011.04.17 20:21:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.17 20:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.17 20:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.17 20:21:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.17 20:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.17 17:05:51 | 000,000,000 | ---D | C] -- C:\Users\Mario Kronz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.13 17:54:27 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 17:54:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 17:54:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 17:54:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 17:54:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 17:54:00 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.03 20:27:18 | 000,000,000 | ---D | C] -- C:\292169e594b55255652a
[2011.03.25 04:03:52 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.03.23 09:28:42 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 09:28:39 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.21 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\Mario Kronz\Desktop\Bewerbung Sebastian
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.19 18:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 18:23:48 | 000,006,148 | ---- | M] () -- C:\Users\Mario Kronz\Documents\Favorisiertes Design.theme
[2011.04.19 18:08:23 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.19 18:01:16 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.04.19 18:01:15 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.04.19 17:34:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.19 17:34:40 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 17:34:40 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 10:24:14 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Mario Kronz.job
[2011.04.19 06:47:57 | 000,001,764 | ---- | M] () -- C:\Users\Mario Kronz\Documents\Default.rdp
[2011.04.19 06:37:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.18 00:19:48 | 000,061,349 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.18 00:17:58 | 2143,789,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.17 23:49:21 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.04.17 22:33:11 | 000,000,680 | ---- | M] () -- C:\Users\Mario Kronz\AppData\Local\d3d9caps.dat
[2011.04.17 22:09:41 | 000,504,657 | ---- | M] () -- C:\Users\Mario Kronz\Desktop\unhide.exe
[2011.04.17 22:09:35 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.17 22:09:35 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.17 22:09:10 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.17 22:09:09 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.17 22:09:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.17 22:09:08 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.17 22:09:08 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.17 22:09:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.17 22:09:08 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.17 22:09:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.17 22:09:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.17 22:09:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.17 22:09:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.17 22:09:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.17 22:09:07 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.17 22:09:06 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.17 22:09:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.17 22:09:06 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.17 22:09:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.17 22:09:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.17 22:09:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.17 22:09:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.17 22:09:05 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.17 22:09:05 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.17 22:09:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.17 22:09:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.17 22:09:05 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.17 22:09:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.17 22:09:04 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.17 22:09:04 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.17 22:09:03 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.17 22:09:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.17 22:09:03 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.17 22:09:03 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.17 22:09:02 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.17 22:09:02 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.17 22:09:02 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.17 22:09:02 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.17 22:09:01 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.17 22:09:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.17 22:09:01 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.17 22:09:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.17 21:50:03 | 000,326,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.17 20:21:50 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.17 17:42:46 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.17 17:42:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.17 17:42:46 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.17 17:42:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.17 17:35:03 | 000,061,349 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.17 17:11:24 | 000,000,384 | ---- | M] () -- C:\ProgramData\40886024
[2011.04.17 17:05:54 | 000,000,160 | ---- | M] () -- C:\ProgramData\~40886024r
[2011.04.17 17:05:54 | 000,000,120 | ---- | M] () -- C:\ProgramData\~40886024
[2011.04.15 17:24:03 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.13 18:37:46 | 000,001,683 | ---- | M] () -- C:\Users\Mario Kronz\Desktop\ALNO AG  Küchenplaner.lnk
[2011.03.24 22:38:32 | 000,016,906 | ---- | M] () -- C:\Users\Mario Kronz\Desktop\bescheindgc.pdf
 
========== Files Created - No Company Name ==========
 
[2011.04.19 18:08:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.19 18:08:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.04.19 18:01:16 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.04.19 18:01:15 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.04.17 23:49:21 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.04.17 23:49:14 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.04.17 23:49:14 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.04.17 23:49:14 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.04.17 23:49:13 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.04.17 23:39:56 | 000,006,148 | ---- | C] () -- C:\Users\Mario Kronz\Documents\Favorisiertes Design.theme
[2011.04.17 22:09:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.17 22:07:39 | 000,504,657 | ---- | C] () -- C:\Users\Mario Kronz\Desktop\unhide.exe
[2011.04.17 20:21:50 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.17 17:31:10 | 2143,789,056 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.17 17:05:54 | 000,000,160 | ---- | C] () -- C:\ProgramData\~40886024r
[2011.04.17 17:05:53 | 000,000,120 | ---- | C] () -- C:\ProgramData\~40886024
[2011.04.17 17:05:30 | 000,000,384 | ---- | C] () -- C:\ProgramData\40886024
[2011.03.24 22:38:32 | 000,016,906 | ---- | C] () -- C:\Users\Mario Kronz\Desktop\bescheindgc.pdf
[2010.04.18 22:34:35 | 000,000,012 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Roaming\kcmdte.dat
[2009.08.11 20:45:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.11 20:45:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.10 00:17:25 | 000,000,760 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Roaming\setup_ldm.iss
[2009.05.06 00:31:07 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.14 21:15:22 | 000,061,349 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.14 21:15:22 | 000,061,349 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.28 06:21:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.03.23 17:06:53 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.04 14:50:06 | 000,962,560 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2008.02.06 18:41:18 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008.02.05 16:05:44 | 000,000,680 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Local\d3d9caps.dat
[2008.01.24 04:00:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.24 03:33:49 | 000,027,905 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Roaming\nvModes.001
[2008.01.24 03:20:50 | 000,027,905 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Roaming\nvModes.dat
[2008.01.23 21:26:20 | 000,000,000 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Roaming\wklnhst.dat
[2008.01.23 21:23:14 | 000,025,600 | ---- | C] () -- C:\Users\Mario Kronz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.04 16:42:11 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.01.04 16:42:11 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.01.04 16:41:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.11.27 08:06:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.27 08:06:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.27 08:06:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.27 08:06:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,326,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.05.01 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\AquaCalculator
[2008.01.24 01:52:39 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\DataLayer
[2009.01.22 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Glory of the Roman Empire
[2011.03.23 09:13:04 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\ICAClient
[2010.04.22 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\ICQ
[2008.01.24 12:34:20 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\ICQ Toolbar
[2009.12.28 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Marine Aquarium 3
[2008.10.03 04:02:54 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Nokia
[2008.10.12 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\PC Suite
[2008.03.19 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\PlayFirst
[2011.04.17 23:48:59 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Simply Super Software
[2010.03.22 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\TeamViewer
[2008.01.23 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Template
[2008.03.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\TuneUp Software
[2008.02.06 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Ulead Systems
[2008.03.19 17:13:55 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\WildTangent
[2011.04.15 17:24:03 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.04.18 00:05:17 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.15 19:50:00 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7A39246F-50F8-4164-AE91-05374F3DC096}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.23 01:30:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Adobe
[2010.09.17 00:05:05 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Apple Computer
[2010.05.01 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\AquaCalculator
[2010.04.14 23:20:29 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Avira
[2008.12.01 13:47:52 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\AVS4YOU
[2008.01.24 12:05:42 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\CyberLink
[2008.01.24 01:52:39 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\DataLayer
[2009.07.26 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\DivX
[2009.01.22 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Glory of the Roman Empire
[2008.01.24 12:58:12 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Google
[2009.10.22 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\GTek
[2010.12.04 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Hewlett-Packard
[2008.01.24 04:21:44 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\HP
[2011.03.23 09:13:04 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\ICAClient
[2010.04.22 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\ICQ
[2008.01.24 12:34:20 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\ICQ Toolbar
[2008.01.23 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Identities
[2008.01.24 02:49:30 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\InstallShield
[2008.06.11 16:39:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Intel
[2008.02.14 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Logitech
[2008.03.19 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Macromedia
[2011.04.17 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Malwarebytes
[2009.12.28 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Marine Aquarium 3
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Media Center Programs
[2010.04.14 14:57:30 | 000,000,000 | --SD | M] -- C:\Users\Mario Kronz\AppData\Roaming\Microsoft
[2009.05.17 17:58:14 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Mozilla
[2008.10.03 04:02:54 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Nokia
[2008.10.12 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\PC Suite
[2008.03.19 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\PlayFirst
[2011.04.17 23:48:59 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Simply Super Software
[2011.03.23 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\skypePM
[2008.01.23 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Symantec
[2010.03.22 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\TeamViewer
[2008.01.23 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Template
[2008.03.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\TuneUp Software
[2008.02.06 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\Ulead Systems
[2008.03.19 17:13:55 | 000,000,000 | ---D | M] -- C:\Users\Mario Kronz\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2011.01.16 15:28:04 | 000,010,134 | R--- | M] () -- C:\Users\Mario Kronz\AppData\Roaming\Microsoft\Installer\{A2C60BF1-82E3-493C-911D-14AD50471F2F}\ARPPRODUCTICON.exe
[2010.11.20 18:26:50 | 000,010,134 | R--- | M] () -- C:\Users\Mario Kronz\AppData\Roaming\Microsoft\Installer\{B96DB037-DBEA-4186-9081-9CBD537F82E8}\ARPPRODUCTICON.exe
[2010.04.14 14:57:30 | 000,004,710 | R--- | M] () -- C:\Users\Mario Kronz\AppData\Roaming\Microsoft\Installer\{ce68ca3b-2fc4-4104-9986-d4900ca651f0}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.27 01:26:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.11.27 01:26:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.11.27 01:26:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 13:50:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 13:50:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 13:50:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.01.24 03:35:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.01.24 03:35:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\iastor.sys
[2007.07.13 06:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SWSETUP\Drivers\ITM\Winall\Driver\iastor.sys
[2007.07.13 06:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\iastor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2007.07.13 06:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SWSETUP\Drivers\ITM\Winall\Driver64\iastor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.26 23:51:56 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.26 23:51:56 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.17 22:09:07 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011.04.17 22:09:07 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011.04.17 22:09:05 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msfeeds.dll

< End of report >

--- --- ---

bibamus 19.04.2011 18:15

And now the rest
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 19.04.2011 18:40:56 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Mario Kronz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,30 Gb Total Space | 99,71 Gb Free Space | 45,05% Space Free | Partition Type: NTFS
Drive D: | 11,58 Gb Total Space | 2,18 Gb Free Space | 18,86% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT | User Name: Mario Kronz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3518476700-3390028175-3913548786-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" [2009.05.06 00:15:11 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021E9321-D04B-4EEA-89A1-59FB52808A41}" = lport=444 | protocol=17 | dir=in | name=mutterhaus |
"{0A0C6AE6-B575-44C3-8685-53C4494D18F6}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{0ADF3551-B493-45C4-9B80-DBA3C917B09D}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{14B5111B-1553-40EA-989D-86AAA77FB2EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{2089D96A-6C8A-481F-BBE0-CCD88DBAFA20}" = rport=1701 | protocol=17 | dir=out | app=system |
"{2BB5B5AF-9CA7-4B79-BFCD-A6A0C066AA27}" = lport=444 | protocol=6 | dir=in | name=ssl network extender |
"{31746B24-6D73-409D-8A28-1216670D3554}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A8A0C2F-971B-4247-93AA-A5CA814E34C9}" = lport=5985 | protocol=6 | dir=in | app=system |
"{3D598C0B-265B-455F-87E2-C0F806C18C87}" = lport=445 | protocol=6 | dir=in | app=system |
"{459ADF91-8FC3-4503-92EF-B96997E31E7E}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{4A2785E5-8289-4A58-9B80-7A1511358CF2}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{5EF6E4B0-E716-43D4-A19E-84D282EE385B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{60D99075-C38E-467A-BFE3-4FD64BD268A1}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{619CA1FB-2F2A-4EFC-B245-5E48AA1FF911}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{61F5E66E-E391-44F3-9694-CDEF77263680}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{697E29AD-DAAD-4670-9FC5-42A7E0303054}" = lport=1723 | protocol=6 | dir=in | app=system |
"{765E7400-B95B-4907-920F-AFEAF66303F9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{83BFF601-DB91-4A39-A27F-6AB01CAB1789}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{8622AF69-F551-4E74-BBF6-5FC0ADA78C32}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{961AD9AA-4137-4E05-9133-5DE0FC7BA7ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A2E6129B-ED15-4C09-A687-B559EFBC192A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A47200D5-DE8D-4E18-9CE8-E9CABE335D4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A5B06297-6039-44C4-B9A3-95AFE9926CF8}" = lport=1701 | protocol=17 | dir=in | app=system |
"{B878B2F9-98FB-472F-84AB-31AADFF880E3}" = rport=1701 | protocol=17 | dir=out | app=system |
"{BB105F2C-8126-465E-93DA-5C7A0A539CF9}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{BBA33572-1F46-4940-AD2A-7E92EACF9C47}" = lport=443 | protocol=6 | dir=in | app=system |
"{BC238477-5863-40B2-8627-D92B20251108}" = lport=1723 | protocol=6 | dir=in | app=system |
"{CC213FFA-E55E-4124-B1D3-7C77A21ABDBC}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{CDEEE1AE-A75C-42FB-A7D4-D9C653AA3817}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{CE8A5665-CBD5-41CA-B54B-343E04389481}" = rport=1723 | protocol=6 | dir=out | app=system |
"{D00FC308-E3F6-4E0B-9026-354F63261B0E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D30A5C65-4E26-4B84-AC61-A618F56C0566}" = lport=1701 | protocol=17 | dir=in | app=system |
"{D532D768-E3C1-49B2-8385-FC3466926B9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DA13C5CC-D5C9-4FAA-88FD-DC71AA66E5B0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{DA8DAB2D-9EB9-4AB9-9062-9ACD8D79DF86}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DDB06745-1074-4680-8966-E440F4085599}" = lport=444 | protocol=6 | dir=in | name=tcp |
"{F3284AAE-8B46-449D-ADA2-5E9B8B2D8BD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A86574-B2EF-40A6-A8DB-4291401C0D33}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{1513A2F2-CC34-4542-BAB6-0AFC659928A5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{264192D0-CCAE-4547-AC01-F0BD57E30614}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{27E69D9C-C0E0-4592-BB21-F4177EC327B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29B61AE6-2E0F-4717-9846-6C0374A0633D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29EF98FD-65D0-4D7E-B8E4-D3758A94C65C}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{2D4F6A15-FD04-4452-BAA6-2EB5D5A23ECB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DC430B8-5562-40C7-A80A-B1F41ADDCD6E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39A6F247-2FEA-4CB1-AC7D-8D472B0EE890}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3C17D4CB-5446-40CD-A160-4B4BE29D4893}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3CFAF864-3184-4FD9-8D85-87F4C84805F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{50B00988-8DD0-43D8-B449-885D6938F828}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{72CCD043-6681-499F-9FBE-02A2105B5B17}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{77113BC9-401A-4607-909C-4944FD41D732}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe |
"{7DF87AC0-CE97-45F2-84C4-5CF5D8590595}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B39141C-7ABC-4E52-A852-C2238DF642FE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9C9BB4D7-B277-4409-9B63-ABD0E1A480AC}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{B8A4F8B8-4C73-429E-88BB-F3543AC77BD2}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C101EF96-9645-4CB8-8754-3AB282DD0C8F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CD1D1B05-6E9E-43BE-9A5C-A727142CC4FF}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{D7310273-E9FA-4EDF-9BAC-FA461E9E3705}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{EF5EB82D-729F-451D-8559-C3D0F056A2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1C6CE6DF-44B7-4557-93BD-06BEAD16611E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{20FD014C-080E-4096-9399-EA2A908F45C5}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{24066CF6-A531-4E51-AEE1-4646192AD91B}C:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe" = protocol=6 | dir=in | app=c:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe |
"TCP Query User{2D55CF2A-1BE5-46AA-A787-11363329FAB6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{33686BBA-AE17-4688-AAFB-68D0830A4D5E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{63F75D87-AED0-446B-9719-7F0E7ECEAD7E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6A8BFF60-7A33-4AB6-82BB-A040891CC940}C:\users\mario kronz\appdata\local\temp\snxac\staproxy.exe" = protocol=6 | dir=in | app=c:\users\mario kronz\appdata\local\temp\snxac\staproxy.exe |
"TCP Query User{6CE83492-2802-4E66-9F0D-953495DF4BAF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{883CB8DF-7231-42D4-A5AE-7048B827CB31}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{90A41E84-22AC-42A8-BEAC-5D859C99E529}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BF3CAD63-90BC-4B5C-BF75-B019A2898EC0}C:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe" = protocol=6 | dir=in | app=c:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe |
"TCP Query User{F76F3B8F-C269-41CC-BA1C-36F8A92E216C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2CAE6881-6161-445F-AD2B-601A13BA84D7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3C496D91-9EA4-4353-AF71-8CF65CC6B035}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{43BC948F-3991-453B-892F-66599D069D9A}C:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe" = protocol=17 | dir=in | app=c:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe |
"UDP Query User{460E6A43-1260-4516-A622-C0477EF62AFA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{47DBF6FA-FBB0-496B-97D0-5E0D8448BA75}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5021F75D-E89C-4532-AB1D-E7E6F146EEEC}C:\users\mario kronz\appdata\local\temp\snxac\staproxy.exe" = protocol=17 | dir=in | app=c:\users\mario kronz\appdata\local\temp\snxac\staproxy.exe |
"UDP Query User{6E161C24-5BB2-4474-AD4B-219DFFD7B7AC}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{8297D0D6-31CA-4AF5-9F6B-60825C45B8C2}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{C195DD04-F46F-4183-97DC-EFD62F488227}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{C7060B08-7BA5-4F31-B073-762DDF545995}C:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe" = protocol=17 | dir=in | app=c:\users\mario kronz\appdata\local\temp\low\snxac\staproxy.exe |
"UDP Query User{E1219FA8-DF3F-4CD7-BE4D-053855918352}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FCFBB9E2-BBD5-4CD7-A9CB-1A0A5BFED0EF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244660F1-2D1E-4322-B4D8-873D89C64BF7}" = Fauna Marin Calcu DE
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead Movie Wizard SE VCD
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3G
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{a26ff7e0-a2d0-4453-aa12-14c8aeede90b}" = Check Point SSL Network Extender Service
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus
"{A89131FD-3D18-4DA8-84C8-622423011B51}_is1" = ALNO AG  Küchenplaner
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce68ca3b-2fc4-4104-9986-d4900ca651f0}" = Check Point SSL Network Extender Components Shell
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem  (10/12/2007 3.6)
"7-Zip" = 7-Zip 9.20
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows-Treiberpaket - Nokia Modem  (08/03/2007 6.84.0.2)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AquaCalculator 2.x" = AquaCalculator 2.x
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mediscript-CD Hammerexamen" = Mediscript-CD Hammerexamen
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Premiere Internet TV_is1" = Premiere Internet TV Version 1.2.3
"ProInst" = Intel(R) PROSet/Wireless Software
"ProtectDisc Driver" = ProtectDisc Helper Driver
"QPedia" = QPedia (remove only)
"SAIA FishSelector" = SAIA FishSelector
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.2
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZDFmediathek_is1" = ZDFmediathek Version 1.4.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.04.2011 09:19:00 | Computer Name = Privat | Source = Windows Search Service | ID = 3013
Description =
 
Error - 18.04.2011 09:19:00 | Computer Name = Privat | Source = Windows Search Service | ID = 3013
Description =
 
Error - 18.04.2011 09:19:00 | Computer Name = Privat | Source = Windows Search Service | ID = 3013
Description =
 
Error - 18.04.2011 09:19:00 | Computer Name = Privat | Source = Windows Search Service | ID = 3013
Description =
 
Error - 18.04.2011 10:45:48 | Computer Name = Privat | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.04.2011 10:45:48 | Computer Name = Privat | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15616
 
Error - 18.04.2011 10:45:48 | Computer Name = Privat | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15616
 
Error - 18.04.2011 11:09:06 | Computer Name = Privat | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.04.2011 11:09:06 | Computer Name = Privat | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1416021
 
Error - 18.04.2011 11:09:06 | Computer Name = Privat | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1416021
 
[ OSession Events ]
Error - 27.10.2010 01:46:24 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.03.2011 12:12:32 | Computer Name = Privat | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.04.2011 18:16:30 | Computer Name = Privat | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.04.2011 18:18:03 | Computer Name = Privat | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.04.2011 um 00:16:05 unerwartet heruntergefahren.
 
Error - 17.04.2011 18:19:12 | Computer Name = Privat | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 95.89.184.50 für die Netzwerkkarte mit der Netzwerkadresse
 001DE05DEAFF wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 17.04.2011 18:19:19 | Computer Name = Privat | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.04.2011 05:50:50 | Computer Name = Privat | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 18.04.2011 11:09:17 | Computer Name = Privat | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 95.89.160.140 für die Netzwerkkarte mit der Netzwerkadresse
 001DE05DEAFF wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 19.04.2011 00:11:15 | Computer Name = Privat | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.140 über die
 Netzwerkkarte mit der Netzwerkadresse 001DE05DEAFF ist verloren gegangen.
 
Error - 19.04.2011 11:56:48 | Computer Name = Privat | Source = DCOM | ID = 10005
Description =
 
Error - 19.04.2011 11:56:48 | Computer Name = Privat | Source = Service Control Manager | ID = 7009
Description =
 
Error - 19.04.2011 11:56:48 | Computer Name = Privat | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

markusg 19.04.2011 18:48

Post all the Malwarebytes logs you have created so far;
you can find them in Malwarebytes under "Logdateien" (log files).

bibamus 19.04.2011 18:51

I also have the problem with TR/Kazy.mekml.1
 
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6385

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

17.04.2011 23:03:45
mbam-log-2011-04-17 (23-03-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158133
Laufzeit: 28 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BRcrbSmEXhdOhE (Trojan.Agent) -> Value: BRcrbSmEXhdOhE -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\brcrbsmexhdohe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\mario kronz\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6385

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.04.2011 12:43:05
mbam-log-2011-04-18 (12-43-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368699
Laufzeit: 5 Stunde(n), 48 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg 19.04.2011 19:33

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

bibamus 19.04.2011 19:43

ComboFix can't be downloaded; do you maybe have a download link? Thanks.

markusg 19.04.2011 20:08

Why can't it be downloaded? Several links are given there; what is the problem?

bibamus 19.04.2011 20:19

OK, here is the ComboFix log.

Combofix Logfile:
Code:

ComboFix 11-04-19.01 - Mario Kronz 19.04.2011  20:56:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1077 [GMT 2:00]
ausgeführt von:: c:\users\Mario Kronz\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\KBL.LOG
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-19 bis 2011-04-19  ))))))))))))))))))))))))))))))
.
.
2011-04-19 19:10 . 2011-04-19 19:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-19 16:01 . 2011-04-19 16:01        --------        d-----w-        c:\programdata\McAfee
2011-04-19 16:01 . 2011-04-19 16:01        --------        d-----w-        c:\programdata\McAfee Security Scan
2011-04-19 16:01 . 2011-04-19 16:01        --------        d-----w-        c:\program files\McAfee Security Scan
2011-04-17 21:49 . 2006-06-19 11:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2011-04-17 21:49 . 2006-05-25 13:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2011-04-17 21:49 . 2005-08-25 23:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2011-04-17 21:49 . 2002-03-05 23:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2011-04-17 21:49 . 2003-02-02 18:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2011-04-17 21:48 . 2011-04-17 21:53        --------        d-----w-        c:\program files\Trojan Remover
2011-04-17 21:48 . 2011-04-17 21:48        --------        d-----w-        c:\users\Mario Kronz\AppData\Roaming\Simply Super Software
2011-04-17 21:48 . 2011-04-17 21:48        --------        d-----w-        c:\programdata\Simply Super Software
2011-04-17 18:22 . 2011-04-17 18:22        --------        d-----w-        c:\users\Mario Kronz\AppData\Roaming\Malwarebytes
2011-04-17 18:21 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-17 18:21 . 2011-04-17 18:21        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-17 18:21 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-17 18:21 . 2011-04-17 18:21        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-16 06:21 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A61C9AD-9DEC-407E-AC7E-152B480E0BDD}\mpengine.dll
2011-04-13 15:53 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-13 15:53 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-03 18:27 . 2011-04-03 18:27        --------        d-----w-        C:\292169e594b55255652a
2011-03-25 02:03 . 2011-03-25 02:03        --------        d-----w-        c:\windows\CheckSur
2011-03-23 07:28 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-23 07:28 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-23 07:28 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 20:30 . 2010-04-12 07:16        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 20:40 . 2010-04-28 19:33        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-02 23:38        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 21:51        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 21:51        478720        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 21:51        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 21:51        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 21:51        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 21:51        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 21:51        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 21:51        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 21:51        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 21:51        2873344        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 21:51        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 21:51        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 21:51        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 21:51        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 21:51        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 21:51        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 21:51        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 21:51        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 21:51        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 21:51        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 21:51        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 21:51        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 21:51        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 21:51        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 21:51        683008        ----a-w-        c:\windows\system32\d2d1.dll
2010-10-12 15:33 . 2010-10-12 15:33        124344        ----a-w-        c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 17:15 . 2010-10-12 17:15        13240        ----a-w-        c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 15:37 . 2010-10-12 15:37        70592        ----a-w-        c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 15:35 . 2010-10-12 15:35        91576        ----a-w-        c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 15:34 . 2010-10-12 15:34        22464        ----a-w-        c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 15:32 . 2010-10-12 15:32        255416        ----a-w-        c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 15:35 . 2010-10-12 15:35        31672        ----a-w-        c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 15:34 . 2010-10-12 15:34        40384        ----a-w-        c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 11:42 . 2010-07-14 11:42        898480        ----a-w-        c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 15:37 . 2010-10-12 15:37        24000        ----a-w-        c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-11 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-14 813584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-24 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"HPAdvisor"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"SynTPStart"=c:\program files\Synaptics\SynTP\SynTPStart.exe
"RtHDVCpl"=RtHDVCpl.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"WAWifiMessage"=c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cdd128cfd42;Google Update Service (gupdate1c9cdd128cfd42);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [2008-03-21 93696]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [2008-03-21 97280]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [2008-03-21 97280]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [2008-03-21 97280]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2008-03-21 99840]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2008-03-21 108768]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-11 135336]
S2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2007-06-10 331870]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2007-06-10 110160]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-15 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 10:40]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 22:29]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 22:29]
.
2011-04-19 c:\windows\Tasks\Norton Security Scan for Mario Kronz.job
- c:\program files\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-02-27 18:34]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{7A39246F-50F8-4164-AE91-05374F3DC096}.job
- c:\windows\system32\msfeedssync.exe [2011-04-17 20:09]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &Wikipedia - c:\program files\QPedia\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mario Kronz\AppData\Roaming\Mozilla\Firefox\Profiles\zwysk8tw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-19 21:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-04-19  21:15:57
ComboFix-quarantined-files.txt  2011-04-19 19:15
.
Vor Suchlauf: 16 Verzeichnis(se), 105.909.673.984 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 105.441.357.824 Bytes frei
.
- - End Of File - - D30D50A3C1624D7CD0450ECC83AA0707

--- --- ---

markusg 19.04.2011 20:31

Use unhide, then you should be able to see all the files.

bibamus 19.04.2011 20:33

Yes, unhide was already successful before, but I'll run it again...
Is everything fine with the computer again then?? Many thanks. I don't have much to do with PCs, but somehow I found the whole thing exciting. I hope it doesn't happen again. Thanks.

markusg 19.04.2011 20:41

Well, if everything is visible you don't need unhide.
We'll keep looking, but it looks good.
Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this step.
Install, open, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "necessary".
After each one you don't need, "unnecessary".
After those unknown to you, "unknown".
Post the list.

bibamus 19.04.2011 21:12

3D-Viewer-innoPlus INNOVA-engineering GmbH 19.11.2010 2,85MB 12.00.0203 (unnecessary)
7-Zip 9.20 16.04.2011 3,54MB (unnecessary)
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 16.04.2011 14,0MB unknown
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.04.2011 10.1.102.64 unknown
Adobe Reader X (10.0.1) - Deutsch Adobe Systems Incorporated 18.04.2011 115,8MB 10.0.1 unknown
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 16.04.2011 23,7MB 11.5.9.620 unknown
ALNO AG Küchenplaner ALNO AG 12.04.2011 70,0MB 0.99a unnecessary
Apple Application Support Apple Inc. 06.12.2010 52,7MB 1.4.1 unknown
Apple Mobile Device Support Apple Inc. 06.12.2010 21,7MB 3.3.0.69 unknown
Apple Software Update Apple Inc. 02.10.2008 2,16MB 2.1.1.116 unknown
AquaCalculator 2.x 16.04.2011 2,83MB necessary
Avira AntiVir Personal - Free Antivirus Avira GmbH 16.04.2011 90,7MB 10.0.0.635 necessary
Bonjour Apple Inc. 14.09.2010 0,97MB 2.0.3.0 unknown
CCleaner Piriform 18.04.2011 2,77MB 3.05 unknown
Check Point SSL Network Extender Components Shell Check Point 13.04.2010 0,29MB 2.00.0000 necessary
Check Point SSL Network Extender Service CheckPoint 13.04.2010 0,53MB 7.01.0000 necessary
Citrix Online Plug-in - Web Citrix Systems, Inc. 16.04.2011 16,1MB 12.1.0.30 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 13.04.2011 102,2MB 12.0.6425.1000 unknown
CyberLink YouCam CyberLink Corp. 03.01.2008 38,9MB 1.0.1002 necessary
Die Sims™ Lebensgeschichten Electronic Arts 22.01.2008 2.720MB 1.00.0000 unnecessary
dm Fotowelt 16.04.2011 201MB necessary
dm-Fotowelt 16.04.2011 407MB necessary
DVD Suite CyberLink Corp. 16.04.2011 48,1MB 5.5.0928 necessary
EA Link Electronic Arts 22.01.2008 7,84MB 3.1.1.4 unknown
ESU for Microsoft Vista Hewlett-Packard 26.11.2007 14,3MB 2.0.11.1 unknown
Fauna Marin Calcu DE Fauna Marin 17.07.2010 17,0MB 1.2.1 unnecessary
Google Toolbar for Firefox Google Inc. 18.04.2011 4,94MB 7.1.20101113 unknown
Google Toolbar for Internet Explorer Google Inc. 18.04.2011 10,3MB 6.6.1409.1944 necessary
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) Hauppauge Computer Works, Inc. 16.04.2011 0,15MB 2.0.25149 unknown
HP Active Support Library Hewlett-Packard 07.12.2010 20,5MB 3.1.9.1 unknown
HP Customer Experience Enhancements Hewlett-Packard 25.11.2007 0,98MB 5.4.0.2430 unknown
HP Easy Setup - Frontend Hewlett-Packard 25.11.2007 1,92MB 5.4.0.2430 unknown
HP Help and Support Hewlett-Packard 20.10.2008 14,3MB 2.0.10.0 necessary
HP Quick Launch Buttons 6.30 E1 Hewlett-Packard 03.01.2008 19,4MB 6.30 E1 unknown
HP QuickPlay 3.6 16.04.2011 7,95MB unknown
HP QuickTouch 1.00 C4 Hewlett-Packard 03.01.2008 1,77MB 1.0.7 unknown
HP Total Care Advisor Hewlett-Packard 26.11.2007 30,1MB 1.4.19.2433 unknown
HP Update Hewlett-Packard 06.09.2008 3,76MB 4.000.011.006 unknown
HP Wireless Assistant Hewlett-Packard 07.12.2010 3,95MB 3.00 H3 unknown
ICQ6.5 ICQ 12.03.2009 49,2MB 6.5 necessary
IKEA Home Planner IKEA IT 28.03.2009 146,8MB 2.0.1 unnecessary
Intel(R) PROSet/Wireless Software Intel Corporation 16.04.2011 unknown 11.5.0000
Intel® Matrix Storage Manager Intel Corporation 16.04.2011 37,1MB unknown
iTunes Apple Inc. 06.12.2010 144,8MB 10.1.0.56 necessary
Java(TM) 6 Update 24 Sun Microsystems, Inc. 15.11.2008 94,4MB 6.0.240 unknown
LabelPrint CyberLink Corp. 16.04.2011 229MB 2.20.2128 unknown
Logitech SetPoint Logitech 16.08.2009 16,2MB 4.80 unknown
Malwarebytes' Anti-Malware Malwarebytes Corporation 16.04.2011 4,80MB necessary
McAfee Security Scan Plus McAfee, Inc. 18.04.2011 2,33MB 2.0.181.2 unknown
Mediscript-CD Hammerexamen 16.04.2011 246MB unnecessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.04.2011 37,0MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 16.04.2011 27,8MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.04.2011 120,3MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.04.2011 24,5MB 4.0.30319 unknown
Microsoft Office Home and Student 2007 Microsoft Corporation 16.04.2011 301MB 12.0.6425.1000 unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 01.07.2010 0,49MB 2.0.4024.1 unknown
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 13.04.2011 114,4MB 12.0.6425.1000 unknown
Microsoft Silverlight Microsoft Corporation 15.02.2011 29,1MB 4.0.60129.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 16.05.2009 1,74MB 3.1.0000 unknown
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 16.05.2009 0,61MB 1.0.1215.0 unknown
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 16.05.2009 1,45MB 1.0.1215.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 13.04.2011 0,29MB 8.0.51011 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 unknown Microsoft Corporation 13.04.2011 0,58MB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 14.06.2010 0,61MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 12.09.2010 0,23MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.04.2010 0,58MB 9.0.30729.4148 unknown
Microsoft Works Microsoft Corporation 14.12.2010 378MB 9.7.0621 unknown
Motorola SM56 Speakerphone Modem Motorola Inc 16.04.2011 1,73MB 6.12.25.06 unknown
Mozilla Firefox (3.0.19) Mozilla 16.04.2011 25,1MB 3.0.19 (de) necessary
MSCU for Microsoft Vista Hewlett-Packard 25.11.2007 230MB 1.0.1.9 unknown
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 23.01.2008 1,27MB 4.20.9848.0 unknown
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 24.01.2008 1,27MB 4.20.9849.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2008 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0 unknown
My HP Games WildTangent 16.04.2011 215MB HPCMPQ1902 unknown
Nokia Connectivity Cable Driver Nokia 10.04.2010 2,86MB 7.1.23.0 unnecessary
Nokia PC Suite Nokia 16.04.2011 34,9MB 7.1.40.6 unnecessary
Norton Security Scan Symantec Corporation 16.04.2011 11,6MB 2.7.6.13 unnecessary
NVIDIA Drivers NVIDIA Corporation 16.04.2011 1.10 unknown
PC Connectivity Solution Nokia 10.04.2010 12,2MB 9.44.0.3 unknown
Photo Loader 2.3G 16.04.2011 0,82MB unknown
PowerDirector CyberLink Corp. 26.11.2007 352MB 6.5.2129 unknown
Premiere Internet TV Version 1.2.3 Premiere Interactive GmbH 16.04.2011 unnecessary 2,93MB
ProtectDisc Helper Driver 16.04.2011 96,00KB 9.1.0.0 unknown
QPedia (remove only) 16.04.2011 56,00KB unknown
QuickPlay SlingPlayer 0.4.4 SlingMedia 16.04.2011 216MB 0.4.4 unknown
QuickTime Apple Inc. 01.11.2010 72,9MB 7.68.75.0 unknown
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 03.01.2008 0,73MB 1.00.0000 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03.01.2008 12,0MB 6.0.1.5470 necessary
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 16.04.2011 1,93MB 3.51.01 unknown
Rundum-Betrachter-innoPlus INNOVA-engineering GmbH Dresden 15.01.2011 2,25MB 12.00.0203 unnecessary
Safari Apple Inc. 06.12.2010 41,3MB 5.33.19.4 necessary
SAIA FishSelector 16.04.2011 4,82MB unnecessary
SereneScreen Marine Aquarium 3 Prolific Publishing, Inc. 27.12.2009 0,70MB 3.0 unnecessary
Spybot - Search & Destroy Safer Networking Limited 22.03.2008 37,4MB 1.5.2 unnecessary
Synaptics Pointing Device Driver Synaptics Incorporated 16.04.2011 14,0MB 15.0.17.4 unknown
Trojan Remover 6.8.2 Simply Super Software 16.04.2011 9,56MB 6.8.2 unnecessary
TuneUp Utilities 2007 TuneUp Software 22.03.2008 26,4MB 6.0.2311 unknown
Ulead Movie Wizard SE VCD Ulead System 16.04.2011 162,5MB 8.0 unknown
Windows Live Essentials Microsoft Corporation 16.04.2011 155,3MB 14.0.8089.0726 unknown
Windows Live ID-Anmelde-Assistent Microsoft Corporation 01.07.2010 4,69MB 6.500.3165.0 unknown
Windows Live Sync Microsoft Corporation 24.11.2009 2,79MB 14.0.8089.726 unknown
Windows Live-Uploadtool Microsoft Corporation 16.05.2009 0,22MB 14.0.8014.1029 unknown
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) Nokia 16.04.2011 03/05/2008 3.7 unnecessary
Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) Nokia 16.04.2011 69,2MB 03/13/2008 6.86.0.1 unnecessary
Windows-Treiberpaket - Nokia Modem (08/03/2007 6.84.0.2) Nokia 16.04.2011 66,0MB 08/03/2007 6.84.0.2 unnecessary
Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) Nokia 16.04.2011 10/12/2007 3.6 unnecessary
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 16.04.2011 66,0MB 08/22/2008 7.0.0.0 unnecessary
WinZip 12.1 WinZip Computing, S.L. 07.10.2009 15,9MB 12.1.8519 unnecessary
ZDFmediathek Version 1.4.0 ZDF 16.04.2011 2,35MB unknown

markusg 20.04.2011 11:24

3D-Viewer: uninstall.
You can actually keep 7zip, in case something needs to be packed at some point.


Open Adobe Reader, Edit, Preferences, JavaScript, remove the check mark there; under Internet, likewise remove all check marks.
That way PDFs are no longer loaded automatically and malicious code can no longer be slipped onto your machine this way.
Under General, check "use only certified plug-ins".
Under Update, set it to install.
Click Apply / OK.
Uninstall:
ALNO
Bonjour
Die Sims™
ESU
Fauna
Google Toolbar, both

From HP, keep:
HP Easy
HP Quick Launch Buttons
HP QuickTouch
HP Update
HP Wireless if you use Wi-Fi; the rest can go
IKEA
LabelPrint
McAfee Security Scan
Mediscript
Microsoft Office (writing, spreadsheets etc.): remove if not needed.
Microsoft Silverlight
Microsoft SQL
Mozilla Firefox (3.0.19): open it, Help and update, install version 4.

My HP Games
Nokia, both.
Norton Security Scan
PC Connectivity Solution
Photo Loader
PowerDirector
Rundum-Betrachter
SAIA FishSelector
SereneScreen
Spybot
Trojan Remover
TuneUp
Ulead
Windows Live, all
Clean up with CCleaner
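
The Adobe Reader JavaScript setting recommended in the post above can be checked without opening the program. This read-only audit is an added example, not part of the original post; it assumes Adobe's registry preference names `bEnableJS` (per-user `JSPrefs` key) and `bDisableJavaScript` (machine-wide `FeatureLockDown` policy key), a 32-bit Windows registry layout, and PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the Adobe Reader JavaScript setting.
# Assumptions (not from the post): value names bEnableJS / bDisableJavaScript,
# and that a missing bEnableJS value means the default, JavaScript enabled.

function Get-ReaderJavaScriptState {
    param(
        [string]$UserRoot   = 'HKCU:\Software\Adobe\Acrobat Reader',
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader'
    )

    # No key at all: Reader has never been started by this user.
    if (-not (Test-Path -Path $UserRoot)) { return }

    foreach ($verKey in Get-ChildItem -Path $UserRoot) {
        $version = $verKey.PSChildName        # e.g. "10.0" for Reader X

        # Per-user checkbox under Edit > Preferences > JavaScript.
        $jsKey = Join-Path $UserRoot "$version\JSPrefs"
        $pref  = Get-ItemProperty -Path $jsKey -Name 'bEnableJS' `
                                  -ErrorAction SilentlyContinue

        # Machine policy: 1 switches JavaScript off for every user.
        $lockKey = Join-Path $PolicyRoot "$version\FeatureLockDown"
        $policy  = Get-ItemProperty -Path $lockKey -Name 'bDisableJavaScript' `
                                    -ErrorAction SilentlyContinue

        if ($null -eq $pref) {
            $userSetting = 'default (on)'
            $userEnabled = $true
        } elseif ($pref.bEnableJS -ne 0) {
            $userSetting = 'on'
            $userEnabled = $true
        } else {
            $userSetting = 'off'
            $userEnabled = $false
        }
        $locked = ($null -ne $policy) -and ($policy.bDisableJavaScript -eq 1)

        [pscustomobject]@{
            Version        = $version
            UserSetting    = $userSetting
            PolicyLockdown = $locked
            JavaScriptOn   = ($userEnabled -and -not $locked)
        }
    }
}

Get-ReaderJavaScriptState | Format-Table -AutoSize
```

Any row with `JavaScriptOn` set to `True` means the check box described in the post is still ticked for that Reader version.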

bibamus 20.04.2011 17:16

Am I to understand "clean up" as meaning that I should throw them off the machine??

markusg 20.04.2011 17:18

The CCleaner guide explains how to clean up with it, and the programs listed in my post are the ones you should uninstall or update.

bibamus 20.04.2011 17:28

Should I also fix the errors in the registry??

markusg 20.04.2011 18:17

Yes, you can.

bibamus 20.04.2011 18:31

OK, I've done everything as you said.... everything has been removed... do I need to do anything else??

I have another problem: when I turn on my laptop, Windows does boot, but the screen stays black... if I then turn it off and on again a few times, it eventually comes on. Is that down to the hardware, or can I fix it somehow??

markusg 20.04.2011 18:32

Was it already like that before? Before the malware, I mean?

bibamus 20.04.2011 18:35

Yes, that was before; it started at some point, but it's only a problem insofar as it's annoying and I always just put the laptop into hibernation, because then the screen comes on right away... I googled it, and people write that it's a cold solder joint in the graphics card, that this happens with HP sometimes, but I wonder why it still comes on at all then

bibamus 20.04.2011 19:03

You've helped me a lot so far, many thanks for that. Kind regards from Trier

markusg 20.04.2011 19:03

Is it still under warranty?

bibamus 20.04.2011 19:04

No, the machine is 3 years old now... it's an HP Pavilion dv 9700

markusg 20.04.2011 19:05

Can you open it up and clean it from the inside? Maybe that will already help

bibamus 20.04.2011 19:15

Ooh, yes, I'll have to do that sometime..... hope that helps... I read on the internet that it's a flexing problem


All times are WET +1.
