TR/Agent.avs' [trojan - "eingefangen über Yahoo Messenger"

cyberella · 24.08.2010, 15:14

Hallo zusammen,

leider war ich so bescheuert, auf einen Link zu klicken, den mir ein Kontakt angeblich im Yahoo Messenger geschickt hat. Der Trojaner benutzt nun meinen Messenger um diesen Link wiederum an meine Kontakte zu schicken.
Außerdem habe ich festgestellt, dass meine Festplatte praktisch voll ist, vor kurzem waren sicher noch 50 GB frei.

Antivir sagt folgendes:
In der Datei 'C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XE0HBOC3\bb[1].exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.avs' [trojan] gefunden.

Vorab schon mal vielen Dank für Eure Hilfe - bin derzeit ziemlich ratlos...

Als "Anfängerin" habe ich jetzt die Punkte unter 2 abgearbeitet und poste hier mal die logfiles.

1. Malware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4469

Windows 6.0.6000
Internet Explorer 7.0.6000.16764

24.08.2010 15:09:48
mbam-log-2010-08-24 (15-09-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145346
Laufzeit: 21 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\xxxx\AppData\Local\Windows\winhelp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

2. OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.08.2010 15:25:06 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\xxxx\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 242,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,79 Gb Total Space | 2,93 Gb Free Space | 2,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxxx-PC
Current User Name: xxxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.24 15:24:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2010.08.23 21:50:36 | 000,188,416 | RHS- | M] (CF0) -- C:\Users\Public\lmsn.exe
PRC - [2010.07.14 09:35:00 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.11.24 17:42:48 | 000,439,776 | ---- | M] () -- C:\Program Files\fotokasten comfort\dd.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.08.05 16:26:53 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.08 16:33:26 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.08 16:27:50 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008.12.16 11:39:59 | 000,251,184 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe
PRC - [2008.08.18 18:41:00 | 001,832,272 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.01.28 12:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007.07.16 08:19:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.03.21 20:57:54 | 002,655,800 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\On Screen Display\HotKey.exe
PRC - [2007.03.14 15:50:24 | 004,399,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.02 22:47:34 | 000,185,912 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\Maglev.exe
PRC - [2007.03.02 22:37:58 | 000,112,184 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2007.02.22 11:56:14 | 000,337,464 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.02 14:35:33 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\mcupdate.exe
PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.24 15:24:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.08.05 16:26:53 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.05.23 17:05:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.28 12:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.07.16 08:19:04 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgodd_filter.sys -- (lgodd_filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.12.09 19:46:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.04.13 15:32:38 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.04.13 15:32:38 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.03.14 16:54:06 | 001,749,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.02.09 17:41:16 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.01.31 18:55:12 | 000,690,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.24 12:27:28 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.22 09:12:00 | 000,195,072 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.05 11:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.12.14 21:30:22 | 000,007,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgsnd_filter.sys -- (lgsnd_filter)
DRV - [2001.10.09 20:11:02 | 000,183,080 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OM518VID.SYS -- (OM518P)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig?hl=de&gl=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[2010.03.08 16:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2010.03.08 16:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2008.04.21 08:53:57 | 000,237,572 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    1001-search.info
O1 - Hosts: 127.0.0.1    www.1001-search.info
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 8314 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [Device Detection] C:\Program Files\fotokasten comfort\dd.exe ()
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\lmsn.exe (CF0)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {BF5F3A70-4ECD-446A-A4EE-68AE66C1CC79} hxxp://fotoalbum.pixaco.de/Upload/PixacoActiveX.cab (MoreUploadX)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\xxxx\Pictures\PLATTE\Farbe GRÜN\IMG_6930.JPG
O24 - Desktop BackupWallPaper: C:\Users\xxxx\Pictures\PLATTE\Farbe GRÜN\IMG_6930.JPG
O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\Windows\System32\bmpsap.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19571e51-87df-11de-93fe-00e09110335b}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.24 15:24:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2010.08.24 14:37:22 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2010.08.24 14:36:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.24 14:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.24 14:36:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.24 14:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.24 10:00:59 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.24 10:00:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.24 10:00:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.24 10:00:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.23 21:51:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Windows
[2010.08.23 21:51:08 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Windows Server
[2010.08.05 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.08.05 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.24 15:31:48 | 004,718,592 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat
[2010.08.24 15:24:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2010.08.24 15:15:10 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 15:15:10 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 15:15:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.24 15:14:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.24 15:14:50 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.24 15:13:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.24 15:13:38 | 006,291,456 | -H-- | M] () -- C:\Users\xxxx\AppData\Local\IconCache.db
[2010.08.24 14:36:50 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.10 10:14:47 | 000,083,968 | ---- | M] () -- C:\Users\xxxx\Downloads\Documents\Adressenliste für Klassentreffen.doc
[2010.08.08 16:08:04 | 001,682,340 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\mdbu.bin
[2010.08.08 15:58:09 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.08 15:58:09 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.08 15:58:09 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.08 15:58:09 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.08 15:58:08 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.05 15:25:11 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.05 15:12:55 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
 
========== Files Created - No Company Name ==========
 
[2010.08.24 14:36:50 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.10 10:12:02 | 000,083,968 | ---- | C] () -- C:\Users\xxxx\Downloads\Documents\Adressenliste für Klassentreffen.doc
[2010.08.05 15:25:11 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.05 15:12:55 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2009.08.13 10:38:38 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008.11.04 12:58:07 | 001,682,340 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\mdbu.bin
[2007.10.23 21:06:06 | 000,000,680 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2007.07.15 14:38:25 | 000,023,888 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\UserTile.png
[2007.07.14 17:33:07 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.14 12:37:22 | 000,000,092 | ---- | C] () -- C:\Users\xxxx\AppData\Local\fusioncache.dat
[2007.07.14 12:08:14 | 000,022,473 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007.07.14 11:53:11 | 000,000,511 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.07.12 18:53:30 | 000,021,504 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.13 15:55:24 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2007.03.27 05:06:59 | 000,010,395 | ---- | C] () -- C:\Windows\lg_up.ini
[2007.03.27 05:06:01 | 000,000,890 | ---- | C] () -- C:\Windows\lgcenter.ini
[2007.03.27 04:33:33 | 000,114,688 | ---- | C] () -- C:\Windows\System32\bmpsap.dll
[2007.03.27 04:33:33 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\lgsnd_filter.sys
[2007.03.27 04:06:55 | 000,009,931 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.03.27 04:02:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2007.03.27 03:59:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.03.27 03:58:09 | 000,000,196 | ---- | C] () -- C:\Windows\lgps.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

--- --- ---

3. OTL ExtraOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.08.2010 15:25:06 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\xxxx\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 242,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,79 Gb Total Space | 2,93 Gb Free Space | 2,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxxx-PC
Current User Name: xxxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{244B61FC-23D4-4D91-8F12-24E1297D4C22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5AB2F66D-9E65-42BE-AAC3-D81F95B0A307}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5DBC0E67-CF13-4AAE-B29C-B65DB1DB4936}" = rport=139 | protocol=6 | dir=out | app=system | 
"{63244E40-E781-4EDD-B32C-46420132B5F7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{760B0476-6726-4C3D-93E0-67A9819ACE93}" = lport=445 | protocol=6 | dir=in | app=system | 
"{82DE0441-EF9F-4789-AC58-A30EF4964131}" = lport=137 | protocol=17 | dir=in | app=system | 
"{910984FE-08D8-465F-88B5-2FB3EBF10AA1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94F099F4-AA71-45AD-A1D3-35E7C2151FDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{997C59DD-AC6A-4FF8-A380-221757A1F117}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B09BC401-09AD-4296-881C-44D5EAE30C14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD0B3582-CE68-4FD0-8FA7-3C95C0D86F46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E63EF1A8-8ADC-4D51-B678-11A38D7A02F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C03A45A-DB31-4781-B4C6-D635C4E7A73A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2254DF02-EB1E-44D0-9564-DB514F0B6160}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2470AE9A-5F76-4977-888D-9C69B39CFF27}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3743F0EC-0AC0-4DE2-AD35-D83CED2B1D12}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{42C19DEC-6855-4F4F-88AD-05DDD8BC6848}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{556BBB84-2924-4C07-B8F3-1952DA6C209C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5FB7956B-15A3-4E32-8FC8-72D798FB001C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7035E137-FB2D-413F-B69F-F1661D964C98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{95A6A6D6-9387-4C51-A483-14462F850AB1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{BF4CB18B-9224-4530-AEA6-6B136A20B726}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C9E2FEDE-B0F9-4CB6-B8F5-7871DB71F26E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CE32D1E3-5949-4E5E-B315-F551A5CFB012}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{E7DD2178-134F-4064-A943-EDE5EDEDCC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E8250AAD-E9BD-4748-81BC-76B80F4BD420}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE6A0598-204A-41CD-A558-3B81687FC10D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F1B1E6E9-7EE6-471F-A5E5-50A031737986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F8B07FC3-96DD-4299-B7DE-590A592B3E0A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"TCP Query User{2C177518-6DB9-4F98-AEF4-2146A9481EF3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{81803175-361C-4342-80A9-90AC935B4560}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{9A902081-4AB7-4162-9F8C-88B8A81215B5}C:\users\xxxx\temp\teamviewer\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\xxxx\temp\teamviewer\teamviewer.exe | 
"TCP Query User{C2AA1E60-73F2-41DD-AED7-8C6A9BA22829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FB2C688C-0F6C-4E6B-92E0-9AC546D75B71}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{2BB8A4BB-F524-44F6-A7B7-721FEB193729}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{3CF26852-337B-4C77-9FCF-F9B93174E166}C:\users\xxxx\temp\teamviewer\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\xxxx\temp\teamviewer\teamviewer.exe | 
"UDP Query User{4C6A2E57-DED7-4DBB-BAC5-AC3DC0AA800B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{7E275D10-478E-45C9-9700-D67A611FF094}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8A899867-BCB9-4103-9495-99591AC3CEE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AC8EA9E-3044-46CB-AC0D-69C45D207178}" = EzManual
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8E49F657-FC83-4730-BF52-A69082989B8B}_is1" = Cramfire 2009 Version 1.6
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D5228699-F4DD-4D0C-82AD-3F17C45D027E}" = On Screen Display
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2CB21A2-FD45-4353-888B-FFD071270F35}" = 6300
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E55C8F84-160B-41FA-9D41-6210801C0C24}" = BatteryMiser 5
"{E562EEFF-D152-43AC-A648-82305AE46608}" = TerraCam USB PRO
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F60F1131-3D1F-44D9-8A42-FCC62AE8CF89}" = LG Magnifier
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"FKC21_is1" = fotokasten comfort
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HVB eFIN 3.3" = HVB eFIN 3.3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"myphotobook" = myphotobook 3.2
"PhotoStitch" = Canon Utilities PhotoStitch
"psrpe_is1" = Password Safe and Repository Personal Edition v4.5.5.1612
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shop for HP Supplies" = Shop for HP Supplies
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2008 14:39:55 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16549 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 750 Anfangszeit: 01c8b5270eb95a6c Zeitpunkt
der Beendigung: 10921
 
Error - 15.05.2008 04:14:32 | Computer Name = xxxx-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.06.2008 02:55:01 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pnp.exe, Version 3.0.0.116, Zeitstempel 0x46fc7c26,
fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
0xc0000005, Fehleroffset 0x0002294f, Prozess-ID 0x90c, Anwendungsstartzeit 01c8cf7ddcaca87b.
 
Error - 17.06.2008 18:01:31 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 9.0.0.3822 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1468 Anfangszeit: 01c8d0c4db213836 Zeitpunkt der Beendigung:
24
 
Error - 23.06.2008 15:02:12 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16549, Zeitstempel
0x46d230c5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x0169c3e8, Prozess-ID 0x718, Anwendungsstartzeit
01c8d50c260d3203.
 
Error - 30.06.2008 13:38:32 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqscnvw.exe, Version 8.1.0.52, Zeitstempel 
0x458016e1, fehlerhaftes Modul hpqscnvw.exe, Version 8.1.0.52, Zeitstempel 0x458016e1,
Ausnahmecode 0xc0000005, Fehleroffset 0x00009b0e, Prozess-ID 0x1690, Anwendungsstartzeit
01c8dad81adea6fc.
 
Error - 30.06.2008 13:43:44 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16546 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: aa4 Anfangszeit: 01c8da9271aa0ddc Zeitpunkt
der Beendigung: 140
 
Error - 30.06.2008 15:46:01 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16546 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: eb8 Anfangszeit: 01c8dad926841bbc Zeitpunkt
der Beendigung: 239
 
Error - 30.06.2008 15:48:32 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16546 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 1410 Anfangszeit: 01c8dae9f4876a7c Zeitpunkt
der Beendigung: 261
 
Error - 17.07.2008 05:49:03 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16546 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: ad0 Anfangszeit: 01c8e7e2d88c187c Zeitpunkt
der Beendigung: 175
 
[ Media Center Events ]
Error - 18.04.2008 04:25:25 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
 
[ System Events ]
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:14:46 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2010 09:15:16 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.08.2010 09:16:53 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >

--- --- ---

john.doe · 24.08.2010, 15:57

Hallo Cyberella und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

1.) Deinstalliere Spybot, der behindert die Reinigung.

2.) Lade die Datei:

Zitat:

C:\Users\Public\lmsn.exe

bitte bei uns hoch. Die Datei ist nicht sichtbar! Markiere und kopiere den Text in der Box und füge ihn im Uploadchannel ein. => http://www.trojaner-board.de/54791-a...ner-board.html

3.) Poste das Log von GMER => http://www.trojaner-board.de/74908-a...t-scanner.html

4.) Poste das Log von Osam => http://www.trojaner-board.de/85306-a...n-manager.html

ciao, andreas

john.doe · 24.08.2010, 17:01

Kommando zurück. Bitte setze als Erstes SUPERAntiSpyware ein, der erkennt den. Poste das Log von SuperAntiSpyware. => http://www.trojaner-board.de/51871-a...tispyware.html

ciao, andreas

cyberella · 25.08.2010, 09:19

Hallo Andreas,

danke für die Hinweise - ich glaub mein Rechner ist total verseucht.... :-(

hier nun das logfile von SUperantispyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/24/2010 at 10:18 PM

Application Version : 4.41.1000

Core Rules Database Version : 5399
Trace Rules Database Version: 3211

Scan type : Complete Scan
Total Scan Time : 03:29:54

Memory items scanned : 732
Memory threats detected : 3
Registry items scanned : 9057
Registry threats detected : 4
File items scanned : 139185
File threats detected : 54

Trojan.Agent/Gen-SSHNas[FakeAlert]
C:\USERS\xxx\APPDATA\LOCAL\TEMP\SSHNAS21.DLL
C:\USERS\xxx\APPDATA\LOCAL\TEMP\SSHNAS21.DLL
[Metropolis] C:\USERS\xxx\APPDATA\LOCAL\TEMP\SSHNAS21.DLL

Trojan.Agent/Gen-CDesc[Gen]
C:\USERS\PUBLIC\LMSN.EXE
C:\USERS\PUBLIC\LMSN.EXE
[Windows System Guard] C:\USERS\PUBLIC\LMSN.EXE
C:\Windows\Prefetch\LMSN.EXE-423FAAB6.pf

Trojan.Agent/Gen-Backdoor[Apex]
C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHN.EXE
C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHN.EXE
[XBV6RD5SZF] C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHN.EXE
C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHK.EXE
C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHL.EXE
C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHM.EXE
C:\USERS\xxx\APPDATA\LOCAL\TEMP\IHP.EXE

Adware.Tracking Cookie
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@zanox-affiliate[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@serving-sys[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@pointroll[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ero-advertising[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@unitymedia[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@webmasterplan[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@tribalfusion[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ads.sun[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@collective-media[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adtech[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adfarm1.adition[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adserver.adtechus[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@2o7[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ads.pointroll[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@weborama[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@www.etracker[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@interclick[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@www.windowsmedia[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@chitika[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@content.yieldmanager[3].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ww251.smartadserver[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ads.undertone[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ad3.adfarm1.adition[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@clickcash[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@track.adform[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@content.yieldmanager[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@bs.serving-sys[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@msnportal.112.2o7[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@smartadserver[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@invitemedia[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@tracking.quisma[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@atdmt[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@richmedia.yahoo[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adbrite[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@eas.apm.emediate[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@zanox[2].txt
cdn1.eyewonder.com [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
cdn5.specificclick.net [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
googleads.g.doubleclick.net [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
hottraffic.nl [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
imagesrv.adition.com [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
media01.kyte.tv [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
spe.atdmt.com [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
vidii.hardsextube.com [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]
www.elitepartner.de [ C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2V9CPLWY ]

Malware.Trace
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
HKU\S-1-5-21-2349178945-693852076-4111038735-1000\SOFTWARE\XML

john.doe · 25.08.2010, 15:31

Zitat:

danke für die Hinweise - ich glaub mein Rechner ist total verseucht.

Ja, das war der LolBot => ThreatExpert Report: Backdoor.LolBot

Weiter mit GMER und OSAM.

ciao, andreas

cyberella · 26.08.2010, 15:17

Hallo Andreas,

leider funtioniert das nicht.

GMER kann ich zwar runterladen und mit dem Scan beginnen, aber es ist jetzt 3x passiert, dass sich der Rechner dann verabschiedet hat - einmal war dann auch eine Systemwiederherstellung erforderlich.

OSAM hab ich auch geladen, kann es aber nicht entpacken... mit was? Winzip habe ich nicht auf dem Rechner - und man soll ja während der Bereinigung nix runterladen.

Was nun?

Ach ja und noch eine Frage: der Rechner läuft ja noch.... und ich müsste auch was arbeiten... :-(
Was sollte ich bei diesem Befall besser unterlassen, was ist "ungefährlich" - ich hab ja keine Ahnung, was das Biest auf meinem Rechner anrichtet.

Schon mal vorab

Christine

john.doe · 26.08.2010, 15:42

Zitat:

Was sollte ich bei diesem Befall besser unterlassen, was ist "ungefährlich" - ich hab ja keine Ahnung, was das Biest auf meinem Rechner anrichtet.

Vermutlich hast du das Schlimmste schon hinter dir. Mit Genauigkeit kann ich es dir nur mit mehr Informationen mitteilen, deshalb musst du weitere Logs liefern.

Zitat:

kann es aber nicht entpacken... mit was?

Mausklick rechts auf die ZIP-Datei => Alle extrahieren => Weiter => Weiter => Fertigstellen

Zitat:

dass sich der Rechner dann verabschiedet hat

Das passiert leider häufiger.

Versuchen wir eine Alternative.

Rootkitsuche mit SysProt

Lade dir Sysprot auf den Desktop, entpacke es und starte das Tool.
Gehe dort auf den Reiter Log.
Setze nun alle Haken,
auch unten bei Hidden Objects Only
Klicke auf Create Log.
Es erscheint nach einem kurzen Scan die ein Dialogfenster. Wähle dort Scan root drive only
Klicke auf Start.
Wenn der Scan abgeschlossen ist, beende SysProt.
Poste den gesamten Inhalt der "SysProtLog.txt", die auf dem Desktop zu finden ist.

ciao, andreas

cyberella · 26.08.2010, 16:22

Hallo Andreas,

hier das logfile

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 86CB3000
Module End: 86D71000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateThread
Address: 8B48472C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 8B484718
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 8B48471D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8B484727
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: xxx-PC:57695
Remote Address: 88.85.68.232:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihn.exe
State: ESTABLISHED

Local Address: xxx-PC:57694
Remote Address: 88.85.68.232:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihn.exe
State: ESTABLISHED

Local Address: xxx-PC:57693
Remote Address: 88.85.68.231:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihn.exe
State: ESTABLISHED

Local Address: xxx-PC:57692
Remote Address: 88.85.68.231:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihn.exe
State: ESTABLISHED

Local Address: xxx-PC:57681
Remote Address: 68.67.185.203:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihm.exe
State: ESTABLISHED

Local Address: xxx-PC:57679
Remote Address: 68.67.185.200:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihm.exe
State: ESTABLISHED

Local Address: xxx-PC:57676
Remote Address: MPR6.NGD.VIP.CH1.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: xxx-PC:57673
Remote Address: MPR2.NGD.VIP.CH1.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: xxx-PC:57671
Remote Address: EC2-184-73-244-34.COMPUTE-1.AMAZONAWS.COM:HTTP
Type: TCP
Process: C:\Users\xxx\AppData\Local\Temp\Ihm.exe
State: ESTABLISHED

Local Address: xxx-PC:57656
Remote Address: MPR3.NGD.VIP.CH1.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: xxx-PC:57643
Remote Address: MPR6.NGD.VIP.CH1.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: xxx-PC:49243
Remote Address: 173.204.1.116.REVERSE.GOGRID.COM:HOSTS2-NS
Type: TCP
Process: C:\Users\Public\lmsn.exe
State: ESTABLISHED

Local Address: xxx-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: xxx-PC:49303
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: xxx-PC:27015
Remote Address: LOCALHOST:49303
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: xxx-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING

Local Address: xxx-PC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: xxx-PC:49204
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: xxx-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: xxx-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: xxx-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: xxx-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: xxx-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: xxx-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: xxx-PC:64790
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: xxx-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: xxx-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: xxx-PC:64791
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:63861
Remote Address: NA
Type: UDP
Process: C:\Users\xxx\AppData\Local\Temp\Ihm.exe
State: NA

Local Address: xxx-PC:60167
Remote Address: NA
Type: UDP
Process: C:\Program Files\lg_swupdate\GiljabiStart.exe
State: NA

Local Address: xxx-PC:57845
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: xxx-PC:57467
Remote Address: NA
Type: UDP
Process: C:\Users\xxx\AppData\Local\Temp\Ihn.exe
State: NA

Local Address: xxx-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:57134
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: xxx-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: xxx-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

john.doe · 26.08.2010, 16:35

Hast du mit dem Yahoo Messenger in der Zwischenzeit gearbeitet?

Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ciao, andreas

cyberella · 26.08.2010, 16:53

nein, ich habe den yahoo messenger zwar noch nach dem Befall benutzt (da war mich noch gar nicht klar was passiert ist) aber während der Bereinigung nicht mehr.

Auch war seit dem Befall nichts anderes am Rechner - außer dem Stromkabel :-) - nicht mal ein Drucker.
Soll ich trotzdem vor dem Scan was verbinden?? Und alles auf einmal geht ja auch nicht.....

Merci!
Christine

john.doe · 26.08.2010, 17:00

Zitat:

Soll ich trotzdem vor dem Scan was verbinden?? Und alles auf einmal geht ja auch nicht.....

Nur Datenträger! Keine Drucker oder Sonstiges. ComboFix wird mehrfach laufen. Jedesmal andere Datenträger anstecken.

ciao, andreas

cyberella · 01.10.2010, 15:38

Hallo Andreas,

nach längerer Urlaubspause melde ich mich wieder zurück und hoffe dass es jetzt den Biestern auf meinem Rechner endgültig an den Kragen geht.

CCleaner hab ich installiert und durchlaufen lasse, ohne Probleme.

Ebenso Combofix - anbei der Log

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-30.03 - xxxx 01.10.2010  14:10:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.1014.207 [GMT 2:00]
ausgeführt von:: c:\users\xxxx\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\xxxx\AppData\Local\Windows Server
c:\users\xxxx\AppData\Local\Windows Server\admin.txt
c:\users\xxxx\AppData\Local\Windows Server\flags.ini
c:\users\xxxx\AppData\Local\Windows Server\server.dat
c:\users\xxxx\AppData\Local\Windows Server\uses32.dat
c:\users\xxxx\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\xxxx\DynGate_Setup_de.exe
c:\users\xxxx\DynGateQS_de.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-01 bis 2010-10-01  ))))))))))))))))))))))))))))))
.

2010-10-01 12:25 . 2010-10-01 12:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-01 11:45 . 2010-10-01 11:45	--------	d-----w-	c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 17:03 . 2007-03-27 01:52	12	----a-w-	c:\windows\bthservsdp.dat
2010-08-26 15:04 . 2010-08-26 15:04	--------	d-----w-	c:\users\xxxx\AppData\Roaming\Uniblue
2010-08-24 16:35 . 2010-08-24 16:35	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-08-24 16:35 . 2010-08-24 16:35	--------	d-----w-	c:\users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
2010-08-24 16:35 . 2010-08-24 16:35	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-08-24 15:07 . 2008-01-09 12:25	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-24 15:04 . 2008-01-09 12:25	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-24 12:37 . 2010-08-24 12:37	--------	d-----w-	c:\users\xxxx\AppData\Roaming\Malwarebytes
2010-08-24 12:37 . 2010-08-24 12:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-24 12:36 . 2010-08-24 12:36	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-24 08:01 . 2007-07-15 13:39	--------	d-----w-	c:\program files\Common Files\Java
2010-08-24 08:00 . 2007-07-15 22:52	--------	d-----w-	c:\program files\Java
2010-08-08 14:08 . 2008-11-04 10:58	1682340	----a-w-	c:\users\xxxx\AppData\Roaming\mdbu.bin
2010-08-08 13:58 . 2006-11-02 15:33	651350	----a-w-	c:\windows\system32\perfh007.dat
2010-08-08 13:58 . 2006-11-02 15:33	121114	----a-w-	c:\windows\system32\perfc007.dat
2010-08-05 13:25 . 2010-08-05 13:22	--------	d-----w-	c:\program files\iTunes
2010-08-05 13:23 . 2010-08-05 13:23	--------	d-----w-	c:\program files\iPod
2010-08-05 13:23 . 2007-07-14 12:59	--------	d-----w-	c:\program files\Common Files\Apple
2010-08-05 13:13 . 2010-08-05 13:13	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 03:00 . 2010-08-24 08:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-27 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-16 1006264]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2007-03-02 112184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2007-03-21 2655800]
"BatteryMiser 5"="c:\program files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-22 337464]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2008-12-16 251184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-18 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-18 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-18 138008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Device Detection"="c:\program files\fotokasten comfort\dd.exe" [2009-11-24 439776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-12-11 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Password Safe"=c:\program files\Password Safe and Repository Personal Edition\psr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig?hl=de&gl=
uInternet Settings,ProxyOverride = *.local
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {BF5F3A70-4ECD-446A-A4EE-68AE66C1CC79} - hxxp://fotoalbum.pixaco.de/Upload/PixacoActiveX.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-DXDllRegExe - dxdllreg.exe
AddRemove-{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF} - c:\program files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-01 14:25
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-10-01  14:34:59
ComboFix-quarantined-files.txt  2010-10-01 12:34

Vor Suchlauf: 7 Verzeichnis(se), 18.843.201.536 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.197.594.112 Bytes frei

- - End Of File - - F825A0D09C0F485FF5F862D825AF7368

--- --- ---

Was ist jetzt noch zu tun?

Vielen Dank auch schon im Voraus
Christine

cyberella · 09.10.2010, 11:25

keine Ahnung warum mein letztes Posting nicht ganz oben erschienen ist - ich poste das combobix logfile nochmal - und hoffe auf eine Antwort.

Schönen Gruß
Christine

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-30.03 - xxxx 01.10.2010  14:10:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.1014.207 [GMT 2:00]
ausgeführt von:: c:\users\xxxx\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\xxxx\AppData\Local\Windows Server
c:\users\xxxx\AppData\Local\Windows Server\admin.txt
c:\users\xxxx\AppData\Local\Windows Server\flags.ini
c:\users\xxxx\AppData\Local\Windows Server\server.dat
c:\users\xxxx\AppData\Local\Windows Server\uses32.dat
c:\users\xxxx\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\xxxx\DynGate_Setup_de.exe
c:\users\xxxx\DynGateQS_de.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-01 bis 2010-10-01  ))))))))))))))))))))))))))))))
.

2010-10-01 12:25 . 2010-10-01 12:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-01 11:45 . 2010-10-01 11:45	--------	d-----w-	c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 17:03 . 2007-03-27 01:52	12	----a-w-	c:\windows\bthservsdp.dat
2010-08-26 15:04 . 2010-08-26 15:04	--------	d-----w-	c:\users\xxxx\AppData\Roaming\Uniblue
2010-08-24 16:35 . 2010-08-24 16:35	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-08-24 16:35 . 2010-08-24 16:35	--------	d-----w-	c:\users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
2010-08-24 16:35 . 2010-08-24 16:35	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-08-24 15:07 . 2008-01-09 12:25	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-24 15:04 . 2008-01-09 12:25	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-24 12:37 . 2010-08-24 12:37	--------	d-----w-	c:\users\xxxx\AppData\Roaming\Malwarebytes
2010-08-24 12:37 . 2010-08-24 12:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-24 12:36 . 2010-08-24 12:36	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-24 08:01 . 2007-07-15 13:39	--------	d-----w-	c:\program files\Common Files\Java
2010-08-24 08:00 . 2007-07-15 22:52	--------	d-----w-	c:\program files\Java
2010-08-08 14:08 . 2008-11-04 10:58	1682340	----a-w-	c:\users\xxxx\AppData\Roaming\mdbu.bin
2010-08-08 13:58 . 2006-11-02 15:33	651350	----a-w-	c:\windows\system32\perfh007.dat
2010-08-08 13:58 . 2006-11-02 15:33	121114	----a-w-	c:\windows\system32\perfc007.dat
2010-08-05 13:25 . 2010-08-05 13:22	--------	d-----w-	c:\program files\iTunes
2010-08-05 13:23 . 2010-08-05 13:23	--------	d-----w-	c:\program files\iPod
2010-08-05 13:23 . 2007-07-14 12:59	--------	d-----w-	c:\program files\Common Files\Apple
2010-08-05 13:13 . 2010-08-05 13:13	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 03:00 . 2010-08-24 08:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-27 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-16 1006264]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2007-03-02 112184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2007-03-21 2655800]
"BatteryMiser 5"="c:\program files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-22 337464]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2008-12-16 251184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-18 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-18 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-18 138008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Device Detection"="c:\program files\fotokasten comfort\dd.exe" [2009-11-24 439776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"  Malwarebytes Anti-Malware   (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-12-11 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Password Safe"=c:\program files\Password Safe and Repository Personal Edition\psr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig?hl=de&gl=
uInternet Settings,ProxyOverride = *.local
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {BF5F3A70-4ECD-446A-A4EE-68AE66C1CC79} - hxxp://fotoalbum.pixaco.de/Upload/PixacoActiveX.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-DXDllRegExe - dxdllreg.exe
AddRemove-{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF} - c:\program files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-01 14:25
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-10-01  14:34:59
ComboFix-quarantined-files.txt  2010-10-01 12:34

Vor Suchlauf: 7 Verzeichnis(se), 18.843.201.536 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 18.197.594.112 Bytes frei

- - End Of File - - F825A0D09C0F485FF5F862D825AF7368

--- --- ---

Larusso · 14.10.2010, 18:10

Hy, john.doe hat uns leider verlassen

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Schritt 2

Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort
OTL.txt
Extras.txt
checkup.txt
Berichte ob noch Probleme vorhanden sind.

cyberella · 18.10.2010, 11:36

Hallo Daniel,

danke für die "Übernahme" !

Hier di Logfiles:

otl.txt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.10.2010 12:08:27 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxxx\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 22,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,79 Gb Total Space | 11,36 Gb Free Space | 10,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxxx-PC
Current User Name: xxxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.24 15:24:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2010.07.14 09:35:00 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.11.24 17:42:48 | 000,439,776 | ---- | M] () -- C:\Program Files\fotokasten comfort\dd.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.08.05 16:26:53 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.08 16:33:26 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.08 16:27:50 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008.12.16 11:39:59 | 000,251,184 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007.07.16 08:19:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.03.21 20:57:54 | 002,655,800 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\On Screen Display\HotKey.exe
PRC - [2007.03.14 15:50:24 | 004,399,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.02 22:47:34 | 000,185,912 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\Maglev.exe
PRC - [2007.03.02 22:37:58 | 000,112,184 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2007.02.22 11:56:14 | 000,337,464 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.24 15:24:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.08.05 16:26:53 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.05.23 17:05:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.07.16 08:19:04 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgodd_filter.sys -- (lgodd_filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxxx\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.12.09 19:46:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.04.13 15:32:38 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.04.13 15:32:38 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.03.14 16:54:06 | 001,749,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.02.09 17:41:16 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.01.31 18:55:12 | 000,690,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.24 12:27:28 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.22 09:12:00 | 000,195,072 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.05 11:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.12.14 21:30:22 | 000,007,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgsnd_filter.sys -- (lgsnd_filter)
DRV - [2001.10.09 20:11:02 | 000,183,080 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OM518VID.SYS -- (OM518P)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[2010.03.08 16:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2010.03.08 16:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2010.10.01 14:25:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [Device Detection] C:\Program Files\fotokasten comfort\dd.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {BF5F3A70-4ECD-446A-A4EE-68AE66C1CC79} hxxp://fotoalbum.pixaco.de/Upload/PixacoActiveX.cab (MoreUploadX)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\xxxx\Pictures\PLATTE\Farbe GRÜN\IMG_6930.JPG
O24 - Desktop BackupWallPaper: C:\Users\xxxx\Pictures\PLATTE\Farbe GRÜN\IMG_6930.JPG
O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\Windows\System32\bmpsap.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.01 16:32:12 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2010.10.01 14:35:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.10.01 14:05:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.10.01 14:05:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.10.01 14:05:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.10.01 14:05:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.10.01 14:05:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.01 14:04:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.01 13:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.10.01 13:42:53 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\xxxx\Desktop\ccsetup236.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.18 12:11:32 | 004,980,736 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat
[2010.10.18 11:52:21 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 11:52:20 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 11:52:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.18 11:51:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.18 11:51:44 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.16 12:37:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.16 12:36:41 | 001,806,963 | -H-- | M] () -- C:\Users\xxxx\AppData\Local\IconCache.db
[2010.10.07 17:57:07 | 001,682,340 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\mdbu.bin
[2010.10.01 14:26:01 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.10.01 14:25:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.01 14:00:57 | 000,048,510 | ---- | M] () -- C:\Users\xxxx\Downloads\Documents\cc_20101001_140048.reg
[2010.10.01 13:59:38 | 000,000,082 | ---- | M] () -- C:\Users\xxxx\Downloads\Documents\cc_20101001_135930.reg
[2010.10.01 13:45:45 | 000,000,774 | ---- | M] () -- C:\Users\xxxx\Desktop\CCleaner.lnk
[2010.10.01 13:43:36 | 001,187,896 | ---- | M] (Piriform Ltd) -- C:\Users\xxxx\Desktop\ccsetup236.exe
[2010.10.01 13:38:38 | 003,858,825 | R--- | M] () -- C:\Users\xxxx\Desktop\cofi.exe
 
========== Files Created - No Company Name ==========
 
[2010.10.01 14:05:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.10.01 14:05:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.01 14:05:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.10.01 14:05:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.10.01 14:05:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.10.01 14:00:51 | 000,048,510 | ---- | C] () -- C:\Users\xxxx\Downloads\Documents\cc_20101001_140048.reg
[2010.10.01 13:59:38 | 000,000,082 | ---- | C] () -- C:\Users\xxxx\Downloads\Documents\cc_20101001_135930.reg
[2010.10.01 13:45:45 | 000,000,774 | ---- | C] () -- C:\Users\xxxx\Desktop\CCleaner.lnk
[2010.10.01 13:38:14 | 003,858,825 | R--- | C] () -- C:\Users\xxxx\Desktop\cofi.exe
[2009.08.13 10:38:38 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008.11.04 12:58:07 | 001,682,340 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\mdbu.bin
[2007.10.23 21:06:06 | 000,000,680 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2007.07.15 14:38:25 | 000,023,888 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\UserTile.png
[2007.07.14 17:33:07 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.14 12:37:22 | 000,000,092 | ---- | C] () -- C:\Users\xxxx\AppData\Local\fusioncache.dat
[2007.07.14 12:08:14 | 000,022,473 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007.07.14 11:53:11 | 000,000,511 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.07.12 18:53:30 | 000,021,504 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.13 15:55:24 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2007.03.27 05:06:59 | 000,010,395 | ---- | C] () -- C:\Windows\lg_up.ini
[2007.03.27 05:06:01 | 000,000,890 | ---- | C] () -- C:\Windows\lgcenter.ini
[2007.03.27 04:33:33 | 000,114,688 | ---- | C] () -- C:\Windows\System32\bmpsap.dll
[2007.03.27 04:33:33 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\lgsnd_filter.sys
[2007.03.27 04:06:55 | 000,009,931 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.03.27 04:02:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2007.03.27 03:59:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.03.27 03:58:09 | 000,000,196 | ---- | C] () -- C:\Windows\lgps.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

--- --- ---

Extras.txt:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.10.2010 12:08:27 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxxx\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 22,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,79 Gb Total Space | 11,36 Gb Free Space | 10,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxxx-PC
Current User Name: xxxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{244B61FC-23D4-4D91-8F12-24E1297D4C22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5AB2F66D-9E65-42BE-AAC3-D81F95B0A307}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5DBC0E67-CF13-4AAE-B29C-B65DB1DB4936}" = rport=139 | protocol=6 | dir=out | app=system | 
"{63244E40-E781-4EDD-B32C-46420132B5F7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{760B0476-6726-4C3D-93E0-67A9819ACE93}" = lport=445 | protocol=6 | dir=in | app=system | 
"{82DE0441-EF9F-4789-AC58-A30EF4964131}" = lport=137 | protocol=17 | dir=in | app=system | 
"{910984FE-08D8-465F-88B5-2FB3EBF10AA1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94F099F4-AA71-45AD-A1D3-35E7C2151FDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{997C59DD-AC6A-4FF8-A380-221757A1F117}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B09BC401-09AD-4296-881C-44D5EAE30C14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD0B3582-CE68-4FD0-8FA7-3C95C0D86F46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E63EF1A8-8ADC-4D51-B678-11A38D7A02F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C03A45A-DB31-4781-B4C6-D635C4E7A73A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2254DF02-EB1E-44D0-9564-DB514F0B6160}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2470AE9A-5F76-4977-888D-9C69B39CFF27}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3743F0EC-0AC0-4DE2-AD35-D83CED2B1D12}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{42C19DEC-6855-4F4F-88AD-05DDD8BC6848}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{556BBB84-2924-4C07-B8F3-1952DA6C209C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5FB7956B-15A3-4E32-8FC8-72D798FB001C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7035E137-FB2D-413F-B69F-F1661D964C98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{95A6A6D6-9387-4C51-A483-14462F850AB1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{BF4CB18B-9224-4530-AEA6-6B136A20B726}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C9E2FEDE-B0F9-4CB6-B8F5-7871DB71F26E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CE32D1E3-5949-4E5E-B315-F551A5CFB012}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{E7DD2178-134F-4064-A943-EDE5EDEDCC37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E8250AAD-E9BD-4748-81BC-76B80F4BD420}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE6A0598-204A-41CD-A558-3B81687FC10D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F1B1E6E9-7EE6-471F-A5E5-50A031737986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F8B07FC3-96DD-4299-B7DE-590A592B3E0A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"TCP Query User{2C177518-6DB9-4F98-AEF4-2146A9481EF3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{81803175-361C-4342-80A9-90AC935B4560}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{9A902081-4AB7-4162-9F8C-88B8A81215B5}C:\users\xxxx\temp\teamviewer\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\xxxx\temp\teamviewer\teamviewer.exe | 
"TCP Query User{C2AA1E60-73F2-41DD-AED7-8C6A9BA22829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FB2C688C-0F6C-4E6B-92E0-9AC546D75B71}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{2BB8A4BB-F524-44F6-A7B7-721FEB193729}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{3CF26852-337B-4C77-9FCF-F9B93174E166}C:\users\xxxx\temp\teamviewer\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\xxxx\temp\teamviewer\teamviewer.exe | 
"UDP Query User{4C6A2E57-DED7-4DBB-BAC5-AC3DC0AA800B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{7E275D10-478E-45C9-9700-D67A611FF094}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8A899867-BCB9-4103-9495-99591AC3CEE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AC8EA9E-3044-46CB-AC0D-69C45D207178}" = EzManual
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8E49F657-FC83-4730-BF52-A69082989B8B}_is1" = Cramfire 2009 Version 1.6
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D5228699-F4DD-4D0C-82AD-3F17C45D027E}" = On Screen Display
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2CB21A2-FD45-4353-888B-FFD071270F35}" = 6300
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E55C8F84-160B-41FA-9D41-6210801C0C24}" = BatteryMiser 5
"{E562EEFF-D152-43AC-A648-82305AE46608}" = TerraCam USB PRO
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F60F1131-3D1F-44D9-8A42-FCC62AE8CF89}" = LG Magnifier
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"FKC21_is1" = fotokasten comfort
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HVB eFIN 3.3" = HVB eFIN 3.3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"myphotobook" = myphotobook 3.2
"PhotoStitch" = Canon Utilities PhotoStitch
"psrpe_is1" = Password Safe and Repository Personal Edition v4.5.5.1612
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shop for HP Supplies" = Shop for HP Supplies
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2008 07:08:39 | Computer Name = xxxx-PC | Source = VSS | ID = 8194
Description = 
 
Error - 08.03.2008 22:38:09 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.16546, Zeitstempel
 0x46c64caf, fehlerhaftes Modul mshtml.dll, Version 7.0.6000.16546, Zeitstempel 
0x46c65af4, Ausnahmecode 0xc0000005, Fehleroffset 0x00242b1d,  Prozess-ID 0xfa0, Anwendungsstartzeit
 01c881639c3e765d.
 
Error - 16.04.2008 02:19:17 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pnp.exe, Version 3.0.0.116, Zeitstempel 0x46fc7c26,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000005, Fehleroffset 0x0003b15f,  Prozess-ID 0x1284, Anwendungsstartzeit 01c89f89c370248b.
 
Error - 22.04.2008 17:48:23 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm WinMail.exe, Version 6.0.6000.16480 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 740  Anfangszeit: 01c8a4c25c91a8dc  Zeitpunkt
 der Beendigung: 11
 
Error - 09.05.2008 09:57:10 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16549 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 7f8  Anfangszeit: 01c8b1d587265bfb  Zeitpunkt
 der Beendigung: 1322
 
Error - 13.05.2008 14:39:55 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16549 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 750  Anfangszeit: 01c8b5270eb95a6c  Zeitpunkt
 der Beendigung: 10921
 
Error - 15.05.2008 04:14:32 | Computer Name = xxxx-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.06.2008 02:55:01 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pnp.exe, Version 3.0.0.116, Zeitstempel 0x46fc7c26,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000005, Fehleroffset 0x0002294f,  Prozess-ID 0x90c, Anwendungsstartzeit 01c8cf7ddcaca87b.
 
Error - 17.06.2008 18:01:31 | Computer Name = xxxx-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 9.0.0.3822 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1468  Anfangszeit: 01c8d0c4db213836  Zeitpunkt der Beendigung:
 24
 
Error - 23.06.2008 15:02:12 | Computer Name = xxxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16549, Zeitstempel
 0x46d230c5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0169c3e8,  Prozess-ID 0x718, Anwendungsstartzeit
 01c8d50c260d3203.
 
[ Media Center Events ]
Error - 18.04.2008 04:25:25 | Computer Name = xxxx-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 16.10.2010 05:26:51 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.10.2010 05:51:45 | Computer Name = xxxx-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >

--- --- ---

checkup:

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.3 - Deutsch
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MSASCui.exe
windows defender MpCmdRun.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Probleme habe ich keine mehr festgestellt (bis auf die Meldung, dass Autostartprogramme geblockt werden), habe aber mit dem "verseuchten Ding" wenig gearbeitet.

ich bin mir allerdings ziemlich sicher, dass ich vor dem Befall noch etwa 40% freien Platz auf der Platte hatte, danach nur noch etwa 1 %, jetzt sind es wieder 10 %. Kann das noch an dem Trojaner liegen?

Und soll ich nach Ende der Bereinigung alle runtergeladenen Programme wieder löschen?

Merci vorab!
Christine

TR/Agent.avs' [trojan - "eingefangen über Yahoo Messenger"

Plagegeister aller Art und deren Bekämpfung: TR/Agent.avs' [trojan - "eingefangen über Yahoo Messenger"