Log-Analyse und Auswertung: BKA Trojan (computer locked) / ukash / Trojan.Dropper / PUP.VShareRedir - am I clean again? (Windows 7)
13.12.2011, 22:50 | #1
The BKA Trojan has crept onto a colleague's notebook (details: hxxp://computer.t-online.de/ukash-bundeskriminalamt-trojaner-erpresst-nutzer/id_45379290/index). Unfortunately I don't know how he got it; he is (as always) not aware of any fault on his part... I was able to start the notebook (Vista, 32-bit) in safe mode and there scanned and repaired the machine with Malwarebytes; among other things PUP.VShareRedir, Trojan.Dropper and Hijack.StartPage were found (details: see mbamlog 2011-12-13 17-18-47). These could be removed, and afterwards I was able to start the notebook normally. Scans with AVG, McAfee Stinger and another scan with Malwarebytes found no further malware. I am not sure whether the system is really clean again, and have therefore created OTL logs following your guide. I would be glad if you could look at the logs and tell me whether the system is clean again or whether there is more hidden in there... Here is the OTL log:
OTL logfile created on: 13.12.2011 21:07:46 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 15,28% Memory free
3,74 Gb Paging File | 2,06 Gb Available in Paging File | 54,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 207,39 Gb Free Space | 72,24% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,09 Gb Free Space | 20,95% Space Free | Partition Type: NTFS
Drive F: | 1022,00 Mb Total Space | 1017,02 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
Drive G: | 1,87 Gb Total Space | 1,73 Gb Free Space | 92,52% Space Free | Partition Type: FAT

Computer Name: WK***-PC | User Name: Wolfgang K** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\OTL.exe (OldTimer Tools)
PRC - G:\Defogger.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
PRC - C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\SolutionMenu\CNSLMAIN.EXE (CANON INC.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

MOD - G:\Defogger.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\167cb8990c9f24c3c84d564f4075e2ad\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3363.26466__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3363.26465__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3363.26485__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3393.24803__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3393.24802__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3363.26474__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3363.26485__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3393.24803__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()

========== Win32 Services (SafeList) ==========

SRV - (0140511280238208mcinstcleanup) McAfee Application Installer Cleanup (0140511280238208) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\Wolfgang K**\Desktop\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\Wolfgang K**\Desktop\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.14 15:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.16 01:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.16 01:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 12:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.27 15:13:51 | 000,000,000 | ---D | M]

[2010.07.27 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Extensions
[2011.12.12 22:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions
[2011.03.14 21:38:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.02 14:28:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\vshare@toolbar
[2011.12.13 21:01:53 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-1.xml
[2011.08.27 15:14:01 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-2.xml
[2011.09.07 17:55:57 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-3.xml
[2011.10.04 10:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-4.xml
[2011.11.11 12:41:06 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-5.xml
[2011.08.12 09:18:10 | 000,001,056 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\startsear.xml
[2010.10.02 14:29:05 | 000,001,583 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\web-search.xml
[2011.11.11 12:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.07 14:55:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.24 22:17:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\WOLFGANG K**\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\00KEXTK9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 12:39:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.04 10:07:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 10:07:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 10:07:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 10:07:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 10:07:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 10:07:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Wolfgang K**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9441735D-5E71-4572-B178-E29A95E5C4E7}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\System32\rundll32.exe" "C:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.13 17:57:35 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
[2011.12.12 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang K**\AppData\Roaming\Malwarebytes
[2011.12.12 22:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.12 22:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.12 22:17:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.12.12 22:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.27 13:22:55 | 000,256,576 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010.07.27 13:22:52 | 000,203,328 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011.12.13 20:58:08 | 000,000,000 | ---- | M] () -- C:\Users\Wolfgang K**\defogger_reenable
[2011.12.13 20:00:43 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 20:00:43 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 17:57:35 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2011.12.13 17:29:16 | 000,730,616 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.12.13 17:29:16 | 000,655,950 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.12.13 17:29:16 | 000,162,054 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.12.13 17:29:16 | 000,133,466 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.12.13 17:29:06 | 090,281,361 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011.12.13 17:22:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.12.13 17:21:57 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.13 17:15:55 | 000,007,728 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Local\d3d9caps.dat
[2011.12.12 22:17:23 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 22:07:05 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011.12.01 04:27:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011.11.23 13:07:55 | 000,009,049 | ---- | M] () -- C:\Users\Wolfgang K**\Desktop\link.odt

========== Files Created - No Company Name ==========

[2011.12.13 20:58:08 | 000,000,000 | ---- | C] () -- C:\Users\Wolfgang K**\defogger_reenable
[2011.12.13 17:21:57 | 1875,763,200 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.12 22:17:23 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.23 12:36:49 | 000,009,049 | ---- | C] () -- C:\Users\Wolfgang K**\Desktop\link.odt
[2011.06.14 17:42:50 | 000,001,849 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Roaming\GhostObjGAFix.xml
[2010.08.08 11:31:24 | 000,013,824 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 22:38:29 | 000,000,008 | RHS- | C] () -- C:\ProgramData\2245E2BB5A.sys
[2010.08.07 22:38:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.01 17:57:51 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2010.08.01 17:57:50 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010.07.27 23:09:54 | 000,007,728 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Local\d3d9caps.dat
[2010.07.27 14:33:58 | 000,030,439 | ---- | C] () -- C:\windows\scunin.dat
[2010.07.27 14:09:52 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2010.07.27 14:09:52 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2010.07.27 13:22:53 | 001,765,184 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.07.27 13:22:53 | 000,034,496 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.07.27 13:22:53 | 000,027,200 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010.07.27 13:22:53 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010.07.27 13:11:49 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010.07.27 13:00:53 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.07.27 12:59:46 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2009.07.31 07:37:59 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.16 00:25:22 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2009.02.23 02:39:30 | 000,184,394 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008.04.16 16:03:14 | 000,730,616 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2008.04.16 16:03:14 | 000,290,748 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2008.04.16 16:03:14 | 000,162,054 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2008.04.16 16:03:14 | 000,036,916 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006.11.02 13:44:53 | 000,441,064 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,655,950 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () --
C:\windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,133,466 | ---- | C] () -- C:\windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2000.03.01 18:49:20 | 000,028,958 | ---- | C] () -- C:\windows\System32\kart_dbl.dll [1997.09.01 02:00:00 | 000,038,614 | ---- | C] () -- C:\windows\System32\Kart_doj.dll [1997.08.04 10:17:56 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gf.dll [1997.08.04 10:16:44 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gd.dll ========== LOP Check ========== [2010.10.26 15:57:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\Citrix [2011.12.11 02:14:10 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\ICQ [2010.08.07 22:38:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\InterVideo [2011.03.18 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\Kalypso Media [2010.07.27 15:47:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\OpenOffice.org [2011.06.28 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\SumatraPDF [2011.12.12 22:07:06 | 000,032,538 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.07.27 13:35:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.08.03 21:33:21 | 000,000,000 | -HSD | M] -- C:\boot [2011.12.06 18:12:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.27 13:06:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.07.29 13:29:33 | 000,000,000 | ---D | M] -- C:\ee28d4468e00528a6de8ed929566f2 [2009.07.31 07:53:46 | 000,000,000 | -H-D | M] -- C:\hp [2010.07.27 13:31:56 | 000,000,000 | ---D | M] -- C:\Logs [2008.01.21 03:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.12 22:17:19 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.12 22:17:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.27 13:06:29 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.21 17:12:05 | 000,000,000 | ---D | M] -- C:\Swsetup [2011.12.13 21:12:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.04.26 16:41:50 | 000,000,000 | -H-D | M] -- C:\System.Sav [2010.07.27 13:09:54 | 000,000,000 | R--D | M] -- C:\Users [2011.12.13 17:57:35 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.21 03:33:55 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2009.07.31 07:54:43 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.07.31 07:54:43 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.07.31 07:54:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [2009.07.31 07:54:44 | 002,923,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- 
C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 01:14:23 < > < End of report > PS: GMER is still analysing the notebook and that seems to be taking a while... I will post that log tomorrow morning. Many thanks and best regards, habemehl |
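The `< MD5 for: ... >` sections in the OTL log above exist so the helper can see whether the live copies of userinit.exe, winlogon.exe, explorer.exe and the other files OTL hashes still match the copies Windows keeps in WinSxS. As an added example (not part of the original post and not OTL's own code), here is a Python parser for those sections that flags a live binary whose MD5 matches none of the component-store copies; the sample input is constructed from lines of the log above plus one invented winlogon.exe entry with a placeholder hash.

```python
import re
from collections import defaultdict

# One entry of an OTL "< MD5 for: X >" section, as it appears in the log:
# [date time | size | attrs | M] (Company) MD5=<32 hex> -- <path>
# or, when OTL could not hash the file, "Unable to obtain MD5" in place of MD5=...
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-F]{32})|(?P<nomd5>Unable to obtain MD5)) "
    r"-- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")


def parse_md5_sections(text):
    """Group the entries of every '< MD5 for: X >' section by file name (upper-cased)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().upper()
            continue
        if current is None:
            continue  # still before the first MD5 section
        e = ENTRY_RE.match(line)
        if e:
            entry = e.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def is_live_copy(path):
    """True for the binary Windows actually runs (System32 or the Windows root),
    False for the component-store (WinSxS) and update-cache copies."""
    p = path.lower()
    return "\\winsxs\\" not in p and "\\softwaredistribution\\" not in p


def check_sections(sections):
    """Return {live path: reason} for live binaries that cannot be matched to a
    component-store copy. On Vista and later the live file is normally a hard link
    to a WinSxS copy, so its MD5 should equal one of the reference hashes."""
    findings = {}
    for entries in sections.values():
        reference = {e["md5"] for e in entries if e["md5"] and not is_live_copy(e["path"])}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            if e["md5"] is None:
                findings[e["path"]] = "hash unavailable"
            elif not reference:
                findings[e["path"]] = "no component-store copy to compare against"
            elif e["md5"] not in reference:
                findings[e["path"]] = "no matching component-store copy"
    return findings


# Constructed sample: the userinit/explorer lines are taken from the OTL log above,
# the WINLOGON.EXE live entry is invented with a placeholder hash (all F) to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: EXPLORER.EXE >
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.07.31 07:54:44 | 002,923,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
< MD5 for: WINLOGON.EXE >
[2011.12.13 17:30:00 | 000,314,368 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
"""

if __name__ == "__main__":
    for path, reason in check_sections(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{path}: {reason}")
```

A flagged file is a prompt for a closer look (for example verifying its Authenticode signature), not proof of infection by itself.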
14.12.2011, 07:34 | #2 | ||
/// Helper Team | Hello and welcome!
Before we start working together, [please read in full]: Quote:
For Vista and Win7: Important: run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! 1. ** Update Malwarebytes Anti-Malware and run it again following these instructions:
2. Run another system scan with OTL
3. I would also like to see all of your installed programs: download the tool CCleaner → Download, install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → Language → select Deutsch, then click "Extra" (to also show the installed programs) → then "Save as text file..." creates a text file (*.txt); copy its contents and paste them here Quote:
** If at all possible, stay off the internet: no online banking, file sharing, chat programs etc. Regards, kira
|
14.12.2011, 18:22 | #3 |
| Hello Kira,
Many thanks for your support. I have read through and worked through everything: the full scan with Malwarebytes took a while, but it did find something else: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8368 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 14.12.2011 17:13:17 mbam-log-2011-12-14 (17-13-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Durchsuchte Objekte: 394230 Laufzeit: 2 Stunde(n), 8 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\wolfgang K**\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5\5aaf8145-3ecc832d (Trojan.Dropper) -> Quarantined and deleted successfully. Code:
ATTFilter OTL logfile created on: 14.12.2011 17:56:33 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = G:\ Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 44,99% Memory free 3,74 Gb Paging File | 2,57 Gb Available in Paging File | 68,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 287,09 Gb Total Space | 208,05 Gb Free Space | 72,47% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 2,09 Gb Free Space | 20,95% Space Free | Partition Type: NTFS Drive F: | 1022,00 Mb Total Space | 1017,02 Mb Free Space | 99,51% Space Free | Partition Type: FAT32 Drive G: | 1,87 Gb Total Space | 1,72 Gb Free Space | 92,30% Space Free | Partition Type: FAT Computer Name: WK** | User Name: Wolfgang K** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Programme\Canon\SolutionMenu\CNSLMAIN.EXE (CANON INC.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\ICQ7.2\MDb.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3393.24736__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3393.24809__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3393.24776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3393.24717__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3393.24737__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3393.24810__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3393.24776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3393.24726__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3393.24789__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3393.24771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3393.24775__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3393.24731__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3393.24761__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3393.24726__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3393.24764__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3393.24727__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3393.24738__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3393.24784__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3393.24742__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3393.24737__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3393.24808__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3393.24768__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3393.24763__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3393.24808__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3393.24742__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3393.24768__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3393.24762__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3393.24770__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3393.24762__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3393.24763__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3393.24769__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3363.26466__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3363.26478__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3363.26472__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3363.26488__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3363.26504__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3363.26504__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3363.26486__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3363.26504__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3363.26467__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3363.26495__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3363.26480__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3363.26494__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3363.26493__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3363.26492__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3363.26492__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3363.26501__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3363.26494__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3363.26465__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3363.26484__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3363.26525__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3363.26501__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3363.26491__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3363.26490__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3363.26487__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3363.26493__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3363.26488__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3363.26482__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3363.26479__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3363.26472__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3363.26490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3363.26486__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3363.26485__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3363.26502__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3363.26489__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3363.26477__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3363.26491__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3363.26489__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3363.26478__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3393.24722__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3393.24731__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3393.24803__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3393.24715__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3393.24715__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3393.24802__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3393.24717__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3363.26487__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3393.24817__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3363.26470__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3363.26482__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3363.26474__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3363.26486__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3363.26476__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3363.26485__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3363.26484__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3363.26495__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3393.24803__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3393.24713__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3393.24715__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3393.24713__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

========== Win32 Services (SafeList) ==========

SRV - (0140511280238208mcinstcleanup) McAfee Application Installer Cleanup (0140511280238208) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\Wolfgang K**\Desktop\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\Wolfgang K**\Desktop\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.14 15:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.16 01:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.16 01:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 12:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.27 15:13:51 | 000,000,000 | ---D | M]

[2010.07.27 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Extensions
[2011.12.12 22:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions
[2011.03.14 21:38:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.02 14:28:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\vshare@toolbar
[2011.12.13 21:01:53 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-1.xml
[2011.08.27 15:14:01 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-2.xml
[2011.09.07 17:55:57 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-3.xml
[2011.10.04 10:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-4.xml
[2011.11.11 12:41:06 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-5.xml
[2011.08.12 09:18:10 | 000,001,056 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\startsear.xml
[2010.10.02 14:29:05 | 000,001,583 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\web-search.xml
[2011.11.11 12:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.07 14:55:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.24 22:17:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\WOLFGANG K**\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\00KEXTK9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 12:39:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.04 10:07:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 10:07:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 10:07:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 10:07:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 10:07:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 10:07:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Wolfgang K**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9441735D-5E71-4572-B178-E29A95E5C4E7}: DhcpNameServer = 192.168.43.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O33 - MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.13 17:57:35 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
[2011.12.12 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang K**\AppData\Roaming\Malwarebytes
[2011.12.12 22:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.12 22:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.12 22:17:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.12.12 22:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.27 13:22:55 | 000,256,576 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010.07.27 13:22:52 | 000,203,328 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011.12.14 17:58:41 | 000,730,616 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.12.14 17:58:41 | 000,655,950 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.12.14 17:58:41 | 000,162,054 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.12.14 17:58:41 | 000,133,466 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.12.14 17:52:20 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 17:52:19 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 17:52:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.12.14 17:52:03 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.14 17:51:00 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011.12.13 20:58:08 | 000,000,000 | ---- | M] () -- C:\Users\Wolfgang K**\defogger_reenable
[2011.12.13 17:57:35 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2011.12.13 17:29:06 | 090,281,361 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011.12.13 17:15:55 | 000,007,728 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Local\d3d9caps.dat
[2011.12.12 22:17:23 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.01 04:27:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011.11.23 13:07:55 | 000,009,049 | ---- | M] () -- C:\Users\Wolfgang K**\Desktop\link.odt

========== Files Created - No Company Name ==========

[2011.12.13 20:58:08 | 000,000,000 | ---- | C] () -- C:\Users\Wolfgang K**\defogger_reenable
[2011.12.13 17:21:57 | 1875,763,200 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.12 22:17:23 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.23 12:36:49 | 000,009,049 | ---- | C] () -- C:\Users\Wolfgang K**\Desktop\link.odt
[2011.06.14 17:42:50 | 000,001,849 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Roaming\GhostObjGAFix.xml
[2010.08.08 11:31:24 | 000,013,824 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 22:38:29 | 000,000,008 | RHS- | C] () -- C:\ProgramData\2245E2BB5A.sys
[2010.08.07 22:38:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.01 17:57:51 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2010.08.01 17:57:50 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010.07.27 23:09:54 | 000,007,728 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Local\d3d9caps.dat
[2010.07.27 14:33:58 | 000,030,439 | ---- | C] () -- C:\windows\scunin.dat
[2010.07.27 14:09:52 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2010.07.27 14:09:52 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2010.07.27 13:22:53 | 001,765,184 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.07.27 13:22:53 | 000,034,496 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.07.27 13:22:53 | 000,027,200 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010.07.27 13:22:53 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010.07.27 13:11:49 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010.07.27 13:00:53 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.07.27 12:59:46 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2009.07.31 07:37:59 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.16 00:25:22 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2009.02.23 02:39:30 | 000,184,394 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008.04.16 16:03:14 | 000,730,616 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2008.04.16 16:03:14 | 000,290,748 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2008.04.16 16:03:14 | 000,162,054 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2008.04.16 16:03:14 | 000,036,916 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006.11.02 13:44:53 | 000,441,064 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,655,950 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,133,466 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2000.03.01 18:49:20 | 000,028,958 | ---- | C] () -- C:\windows\System32\kart_dbl.dll
[1997.09.01 02:00:00 | 000,038,614 | ---- | C] () -- C:\windows\System32\Kart_doj.dll
[1997.08.04 10:17:56 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gf.dll
[1997.08.04 10:16:44 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gd.dll

< End of report >

Code:
OTL Extras logfile created on: 14.12.2011 17:56:33 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 44,99% Memory free
3,74 Gb Paging File | 2,57 Gb Available in Paging File | 68,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 208,05 Gb Free Space | 72,47% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,09 Gb Free Space | 20,95% Space Free | Partition Type: NTFS
Drive F: | 1022,00 Mb Total Space | 1017,02 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
Drive G: | 1,87 Gb Total Space | 1,72 Gb Free Space | 92,30% Space Free | Partition Type: FAT

Computer Name: WK** | User Name: Wolfgang K** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADCD8CB-409B-46E6-A1FD-75ED90383432}" = rport=139 | protocol=6 | dir=out | app=system |
"{16B49269-EBE4-427E-8239-A900442ABC9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28EB71EA-478E-4E8A-84E7-9AAA4A9E2E44}" = rport=445 | protocol=6 | dir=out | app=system |
"{353C8006-5C1C-4D39-ACD8-6CC1CF6714E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{46ED42FD-5C76-469F-9E72-0C1BE29269C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{659B5AF4-B031-4C12-90B6-76BDE290C451}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D03B75D-9B2C-4040-9742-1BEB3D345BA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{73796C75-9EB6-4AE7-9793-4F92447453A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7AF4B45F-16DA-45ED-BEAE-835A7E044A00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C5AB261-AA5A-42E7-B00B-67FB51FBC214}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7CE623D5-6F75-470B-93EF-129DB7132935}" = rport=138 | protocol=17 | dir=out | app=system |
"{80C7F5E5-604C-46CE-8525-BF0C3CEEB2D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{970E360D-629E-48C1-BE8A-93BCDCDACB95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A86189FF-4CB9-4478-AA28-5CCFA213B182}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B59C00FC-DE26-4888-AE36-6507718FDBEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{B9473618-10AD-41DD-9322-EFD46EF35F47}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{CB41AC6D-ACD3-4FE4-877B-75E0EC7A9509}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDCEBB57-E0FA-4391-90D2-C8B2CC6F09D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E94ACB86-3511-4DA3-BACC-603C8D6711FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB5603E5-2FD1-4106-914F-B3A94EE70DF0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0D4C22A-9596-49CB-A1D1-E90F8630D05A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112DA61D-E348-4E31-8C9F-D1DC721A159B}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{16270E15-B5CB-4266-810D-AC01366598A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C47FB92-E21B-4233-A36D-6125FF4AB9CE}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{29323FA8-7361-4F94-9FF7-8C1516E723C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{466F0A88-9DCA-4E1C-98A2-089A22550650}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4D8C140F-C49E-47B3-B9F5-434C19CD10C3}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{55363155-FE55-4AD4-829B-302DD098822D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{587E63AF-3503-43EB-8393-E2E60F23568F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{5CA94815-340A-43FD-8D18-76B3E4BC045A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{61E7ACBA-AAD2-43A6-AE0C-20A4C877D8AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9512AC24-6636-4E24-AD20-E1EB98033AB9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9B745913-05D5-4D43-9450-673299410EB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A101BD3E-F281-4576-8848-271FC8E79172}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{A1862102-AEC6-4B47-AD9A-B2DA599969D0}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B33AD838-F143-4B2A-A6D6-64FA4255106A}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{E14667C7-F2A8-487A-9FBF-5E4BFA7F39AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0259C7CA-8D31-4AD6-9D16-83A3C37D9F2E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{1E6C1CC3-7ACB-4B79-ADAF-689D1753FAE9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{64DF052A-9060-4BE6-83C7-40227B6BB8AE}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{83B736A8-362D-4E57-B1A6-06018860521D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8FA778D6-9ED5-44AD-8BA5-0AEE06F4A437}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{9A8D75F2-D3AF-4733-879B-F3674F5CE6C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C140FA86-1A49-4D03-BFC9-0F9CC88F89B7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0236FAC1-7CDD-4EC0-A125-A6BA647F3CBB}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{15C585A0-F011-4FBE-91EB-A17566D9B066}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{40A53EEB-0DA0-428E-AA8C-9AE9A11203B3}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{52821B4F-46C6-4FCD-B3DF-019C48942702}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{545F8EBE-A58E-40BC-94BD-83A12CD76E08}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | 
app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{BEAA4A7F-7EBC-4BDE-A7BF-F347CD1C2DDB}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | "UDP Query User{C665DF7A-0481-440A-819C-F21F88ACC203}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series "{1373F37A-08A5-A7C9-7004-BE87467CF585}" = Catalyst Control Center Graphics Full New "{1D3EF69A-BBC3-B00B-0C36-062A36466706}" = CCC Help Greek "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{2287DBA3-AD47-4FF0-AAB6-551992E43D0D}" = HP User Guides 0133 "{235CDB6A-6008-42E8-987E-B393C2289A41}" = HP Common Access Service Library "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{255D9E15-C69E-D650-EBC8-2209DA1ABDAE}" = CCC Help Russian "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 27 "{26DEDA99-DDD3-48E1-42AA-E6D7C2594646}" = CCC Help Portuguese "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{2B7F990D-80DF-4122-56E4-20CDDB696CBA}" = Skins "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{31043705-9B90-482A-1654-4DAB99F125FF}" = CCC Help French "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.50 A1 "{37B41895-0BEE-3831-531B-EFBB4F9E3505}" = Catalyst Control Center Core Implementation "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C6D6D40-CCD7-FAD1-C71B-F4A005CA7FB2}" = CCC Help Chinese Traditional "{41818E2C-E227-BD82-1F80-8D2603B00EB3}" = Catalyst Control Center Localization All "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{48EE8491-08E3-4996-ACA4-1E71ED5A1C4F}" = Catalyst Control Center Graphics Full Existing "{491464CD-DF4B-8DF3-108A-0C4D988F7E08}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DF06829-423B-4D04-9ABB-4C8D9ABF7BC5}" = CCC Help Thai "{4FEA85FC-49B2-2472-E2B1-ED902D0E7607}" = CCC Help Dutch "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{6441AF33-BEF0-A597-9D4F-B2EC69C7EB85}" = CCC Help Japanese "{6533DCA9-C3C4-A141-0AC2-2AA60BB88714}" = CCC Help Swedish "{65E38B35-E861-39AD-94C3-9A6BC099BE73}" = ATI Catalyst Install Manager "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{697B1E2E-4754-1E53-1EA2-5B54794DF4C4}" = CCC Help Norwegian "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CB01492-9EB8-6EA9-0EEC-88FECA4CA74D}" = CCC Help Italian "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{75C5100D-9874-EA1C-EBF1-B11DB721C7D0}" = CCC Help Chinese Standard "{75EA97E2-BAD7-45DF-8196-82A828BF47DC}" = Royal Doppelkopf "{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup "{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS "{7B5B7A1F-149A-922A-B855-6B80FC1D0664}" = CCC Help Czech "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft 
Visual C++ 2005 Redistributable "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E05A9B8-173B-9DFC-75FA-A1EA61F737B1}" = CCC Help Korean "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology "{9ED8918B-6561-2C39-0703-67273861F84A}" = CCC Help Danish "{A1DB71A6-3809-4A85-2CD9-C4518C123F95}" = CCC Help Finnish "{A3276EED-22A1-4808-9AA3-88A451482E10}" = Catalyst Control Center - Branding "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AA8EC7A4-EA02-4A72-B14F-65DA485F74C8}" = ESU for Microsoft Vista SP1 "{AAB53AB8-03FC-5F3C-2822-312D66E15DA5}" = CCC Help Spanish "{AB497FF1-AEA0-2B68-AB6F-F9577916A0CD}" = ccc-utility "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6FECC42-C7ED-86E2-3BD8-6EF99FEF168A}" = CCC Help German "{BA6FDFE7-A596-0ABE-0F2A-4B90AF48439F}" = Catalyst Control Center InstallProxy "{C021640F-DED0-71B2-CA5B-8F1EE1130E26}" = CCC Help English "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC28A406-462D-4A08-A125-3EAF8A64DE4E}" = HP Wireless Assistant "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E05EB9D2-8559-4821-98AC-3D5DA3242D5B}" = Vista Default Settings "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4A4F5C0-C67F-22EC-319B-44546DFC3DB3}" = Catalyst Control Center Graphics Light "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E777AA77-5DF2-99D1-CF96-7EECFA652AA0}" = ccc-core-static "{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant "{EA3BE3EA-A032-BC41-B753-74453AD7D22F}" = CCC Help Turkish "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module 
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{EFBE9BC0-39D6-FC89-5353-5641A18761F9}" = CCC Help Polish "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper "{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "AVG9Uninstall" = AVG Free 9.0 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon iP2600 series Benutzerregistrierung" = Canon iP2600 series Benutzerregistrierung "CANONIJPLM100" = PIXMA Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DivX Setup.divx.com" = DivX-Setup "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "ICQToolbar" = ICQ Toolbar "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "PDF Complete" = PDF Complete "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Starcraft" = Starcraft "SumatraPDF" = SumatraPDF "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veetle TV" = Veetle TV 0.9.18 "vShare.tv plugin" = vShare.tv 
plugin 1.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Doppelkopf XXL" = Doppelkopf XXL "Skat-Online V8" = Skat-Online V8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:29:59 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 12.12.2011 17:10:07 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 12.12.2011 17:27:26 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 13.12.2011 12:08:07 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 13.12.2011 12:33:12 | Computer Name = WK** | Source = VSS | ID = 8194 Description = Error - 13.12.2011 17:08:14 | Computer Name = WK** | Source = Perflib | ID = 1010 Description = [ Hewlett-Packard Events ] Error - 05.04.2011 10:52:52 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041105045245.xml File not created by asset agent Error - 14.06.2011 12:42:48 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061114064212.xml File not created by asset agent Error - 19.07.2011 13:35:30 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = Error - 02.08.2011 08:17:49 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support 
Framework\Telemetry\081102021716.xml File not created by asset agent [ System Events ] Error - 13.12.2011 12:57:41 | Computer Name = WK** | Source = Service Control Manager | ID = 7034 Description = Error - 13.12.2011 12:57:41 | Computer Name = WK** | Source = Service Control Manager | ID = 7034 Description = Error - 13.12.2011 12:57:41 | Computer Name = WK** | Source = Service Control Manager | ID = 7034 Description = Error - 13.12.2011 12:57:41 | Computer Name = WK** | Source = Service Control Manager | ID = 7031 Description = Error - 13.12.2011 12:58:42 | Computer Name = WK** | Source = Service Control Manager | ID = 7031 Description = Error - 14.12.2011 09:34:36 | Computer Name = WK** | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error - 14.12.2011 09:41:55 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description = Error - 14.12.2011 09:43:31 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 14.12.2011 12:53:15 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description = Error - 14.12.2011 12:54:35 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 26.07.2010 10.0.22.87 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 30.11.2011 11.1.102.55 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 08.05.2011 6,61MB 11.5.9.620 Agere Systems HDA Modem LSI Corporation 30.07.2009 13.158MB ATI Catalyst Install Manager ATI Technologies, Inc. 26.07.2010 13,8MB 3.0.719.0 AVG Free 9.0 AVG Technologies 26.07.2010 68,5MB Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 27.07.2010 5.10.91.8 Canon iP2600 series 01.08.2010 Canon iP2600 series Benutzerregistrierung 01.08.2010 0,52MB Canon My Printer 01.08.2010 2,14MB Canon Utilities Solution Menu 01.08.2010 1,60MB CCleaner Piriform 13.12.2011 4,20MB 3.13 CPQ Wallpaper Hewlett-Packard 30.07.2009 9,60MB 1.0.1.1 DivX-Setup DivX, LLC 08.05.2011 2,83MB 2.5.0.8 Doppelkopf XXL 31.10.2011 63,4MB DUNGEONS Realmforge Studios GmbH 17.03.2011 1.963MB 1.2.1.7 ESU for Microsoft Vista SP1 Hewlett-Packard 29.07.2009 30,0MB 2.00.1.3 FreePDF (Remove only) 26.07.2010 3,55MB GPL Ghostscript 8.71 26.07.2010 33,8MB HP Common Access Service Library Hewlett-Packard 30.07.2009 0,97MB 3.0.22.1 HP Customer Experience Enhancements Hewlett-Packard 30.07.2009 0,99MB 5.7.0.3036 HP Integrated Module with Bluetooth wireless technology Broadcom Corporation 26.07.2010 87,8MB 6.2.0.8800 HP Quick Launch Buttons 6.50 A1 Hewlett-Packard 30.07.2009 27,3MB 6.50 A1 HP Software Setup Hewlett-Packard 29.07.2009 1,22MB 1.0.0.14 HP Support Assistant Hewlett-Packard Company 20.06.2011 71,2MB 5.2.9.2 HP Update Hewlett-Packard 30.07.2009 3,80MB 4.000.013.003 HP User Guides 0133 Hewlett-Packard 30.07.2009 261MB 1.01.0000 HP Webcam CyberLink Corp. 
26.07.2010 28,8MB 1.0.2710 HP Webcam Roxio 25.04.2011 401MB 1.0.25.0 HP Webcam Driver Sonix 26.07.2010 5,57MB 5.8.50007.0 HP Wireless Assistant Hewlett-Packard 30.07.2009 2,69MB 3.50.4.1 ICQ Toolbar ICQ 28.06.2011 3.0.0 ICQ7.5 ICQ 29.07.2011 55,7MB 7.5 IDT Audio IDT 26.07.2010 63,4MB 1.0.6162.12 InterVideo WinDVD 8 InterVideo Inc. 26.07.2010 172,3MB 8.5-B0.156 Java(TM) 6 Update 27 Sun Microsystems, Inc. 26.07.2010 97,2MB 6.0.270 LightScribe System Software LightScribe 30.07.2009 22,5MB 1.18.5.1 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 11.12.2011 6,76MB 1.51.2.1300 McAfee Security Scan Plus McAfee, Inc. 24.10.2010 9,34MB 2.0.181.2 Microsoft .NET Framework 1.1 26.07.2010 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 28.07.2010 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 26.07.2010 37,0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.09.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 17.03.2011 38,0MB 4.0.30319 Microsoft Office Suite Activation Assistant Microsoft Corporation 30.07.2009 8,37MB 2.7 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.07.2010 0,33MB 8.0.59193 Mozilla Firefox 8.0 (x86 de) Mozilla 10.11.2011 40,4MB 8.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 26.07.2010 35,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.07.2010 1,34MB 4.20.9876.0 OpenOffice.org 3.2 OpenOffice.org 26.07.2010 379MB 3.2.9502 PDF Complete PDF Complete, Inc. 26.07.2010 35,2MB 3.5.57 PIXMA Extended Survey Program 01.08.2010 0,76MB RedMon - Redirection Port Monitor 26.07.2010 Roxio Creator Business Roxio 26.07.2010 377MB 10.1 Royal Doppelkopf <no manufacturer> 24.05.2011 6,47MB 1.0.9 Skat-Online V8 Skat.com, c/o Markus Riehl 01.06.2011 Skype Click to Call Skype Technologies S.A. 06.11.2011 21,0MB 5.6.8442 Skype™ 5.5 Skype Technologies S.A. 
06.11.2011 17,0MB 5.5.124 Starcraft 26.07.2010 74,3MB SumatraPDF Krzysztof Kowalczyk 27.06.2011 1,67MB 1.6 Surf & E-Mail-Stick Huawei Technologies Co.,Ltd 15.08.2010 38,4MB 11.301.08.00.35 Synaptics Pointing Device Driver Synaptics Incorporated 30.07.2009 15,8MB 12.2.2.0 Veetle TV 0.9.18 Veetle, Inc 15.10.2010 10,1MB 0.9.18 Vista Default Settings Hewlett-Packard 30.07.2009 0,28MB 2.0.1.1 vShare.tv plugin 1.3 vShare.tv, Inc. 26.08.2011 0,58MB 1.3 Windows Live Messenger Microsoft Corporation 26.07.2010 29,0MB 8.1.0178.00 Windows Media Player Firefox Plugin Microsoft Corp 12.10.2010 0,44MB 1.0.0.8 Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-12-14 06:30:03 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40J Running: 8k9ot6oo.exe; Driver: C:\Users\WOLFGA~1\AppData\Local\Temp\awtyypoc.sys ---- Kernel code sections - GMER 1.0.15 ---- ? System32\drivers\ejjuw.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9BE02000, 0x251858, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3724] ntdll.dll!LdrLoadDll 776693A8 5 Bytes JMP 5DF32EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\BTHUSB \Device\000000a3 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\000000a5 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e984c86 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e984c86 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- |
15.12.2011, 08:40 | #4
/// Helper Team | BKA Trojan (computer locked) / ukash / Trojan.Dropper / PUP.VshareRedir - am I clean again?
1. Installed intentionally?: Quote:
2. If you did not install it intentionally (it is often installed alongside or offered together with other programs, probably via Adobe Reader), uninstall: Code:
McAfee Security Scan Plus
Always choose the custom installation, not the standard installation, because otherwise things often get installed that you do not need or do not want. When installing, always read the licence terms and do not tick every box straight away or leave pre-ticked boxes in place, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed alongside, since that is how freeware funds itself.
3. Your Java version is not up to date! Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → Now download the offline version of Java Version 6 Update 29 from Oracle. Make sure to deselect any toolbars that are offered (remove the tick next to the toolbar)!
4. Clean your system with CCleaner:
5. Quote:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=all&pf=cmnb
IE - HKCU\..\URLSearchHook: - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
[2011.10.04 10:07:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 10:07:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O33 - MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\Shell - "" = AutoRun
O33 - MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Commands
[purity]
[emptytemp]
6.
7. Viruses can also be transported on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very well suited and recommended to check the data stored on the medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - You can also switch the AUTORUN function off altogether. ►Instructions
8. -> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanner. Attention!: >>You should not install the antivirus security software, only scan your system online<<
9. Run another scan with OTL:
Quote:
__________________ Warning!: Beware of invoices sent by email with a ZIP file as attachment! They can be infected with an encryption Trojan! Do not open the attachment, ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
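The OTL fix script above removes three classes of entry (orphaned BHOs and toolbars, Firefox search prefs redirected to search.icq.com, and MountPoints2 AutoRun commands on removable drives). As an added example, not part of the thread or of the OTL tool, here is a small triage parser that reads OTL-format lines and flags exactly those classes; the sample lines are constructed to mirror the thread's log, and the allow-list of expected search hosts is an assumption.

```python
"""Triage OTL (OldTimer) log lines for the entry classes a cleanup script targets.

Added example (not the forum's or OTL's own code). It reports:
  - O2/O3 entries whose CLSID has no target ("No CLSID value found"),
  - Firefox search prefs pointing at a host outside an allow-list,
  - MountPoints2 AutoRun commands that would launch a file from a drive letter.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Search hosts the reviewer considers expected (assumption for this example).
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "de.search.yahoo.com"}

# O2 (BHO) and O3 (toolbar) lines: "O2 - BHO: (name) - {CLSID} - target"
_EXT_RE = re.compile(r"^O[23] - .*?\((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# O33 MountPoints2 autorun command: ...\Shell\AutoRun\command - "" = X:\file.exe
_MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# Firefox prefs as OTL prints them: FF - prefs.js..key: "value"
_FFPREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<value>[^"]*)"$')
# Prefs whose value is a URL that decides where searches go.
_SEARCH_URL_KEYS = {"browser.search.defaulturl", "keyword.URL"}


@dataclass
class Finding:
    kind: str    # orphaned-extension | search-redirect | autorun-command
    detail: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; return None when it is not one of the watched classes."""
    line = line.strip()
    m = _EXT_RE.match(line)
    if m:
        if "No CLSID value found" in m.group("target"):
            return Finding("orphaned-extension", f"{m.group('clsid')} has no CLSID target", line)
        return None  # extension with a resolvable target: left for manual review
    m = _MOUNT_RE.match(line)
    if m:
        return Finding("autorun-command", f"MountPoints2 {m.group('guid')} runs {m.group('cmd')}", line)
    m = _FFPREF_RE.match(line)
    if m and m.group("key") in _SEARCH_URL_KEYS:
        host = urlparse(m.group("value")).hostname or ""
        if host not in EXPECTED_SEARCH_HOSTS:
            return Finding("search-redirect", f"{m.group('key')} points at {host}", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Constructed sample, modelled on the lines the thread's fix script addresses.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.",
    r"O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)",
    r"O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.",
    r'FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="',
    r'FF - prefs.js..browser.search.selectedEngine: "ICQ Search"',
    r'O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\Shell\AutoRun\command - "" = G:\AutoRun.exe',
    r"O32 - HKLM CDRom: AutoRun - 1",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.detail}")
```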
15.12.2011, 19:41 | #5
BKA Trojan (computer locked) / ukash / Trojan.Dropper / PUP.VshareRedir - am I clean again? Hello Kira, all done. Here are the results: re 1) Yes, the plugin was installed deliberately (football fan) re 2) McAfee was uninstalled re 3) Java was installed. PS: no toolbars were offered this time. re 4) CCleaner cleaned up quite a bit. The log should have been saved to my USB stick, but it is now somewhere in nirvana. I can't find it again (Vista's file save dialog takes some getting used to) re 5) I anonymised the PC and user names; in your script I could not find any anonymisations (I had used K** and WK**). As far as I can tell the fix ran through without problems, here is the log: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Prefs.js: "Web Search" removed from browser.search.defaultengine Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl Prefs.js: "Web Search" removed from browser.search.order.1 Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" removed from keyword.URL C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17766186-ab00-11df-81b2-00247e984c86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17766186-ab00-11df-81b2-00247e984c86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17766186-ab00-11df-81b2-00247e984c86}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17766188-ab00-11df-81b2-00247e984c86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17766188-ab00-11df-81b2-00247e984c86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17766188-ab00-11df-81b2-00247e984c86}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861c1bd0-a95a-11df-9aad-806e6f6e6963}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861c1c09-a95a-11df-9aad-00247e984c86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{861c1c09-a95a-11df-9aad-00247e984c86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861c1c09-a95a-11df-9aad-00247e984c86}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d99f9dcb-9975-11df-90f7-806e6f6e6963}\ not found.
File E:\reatogoMenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f58ae69b-abb4-11df-827d-00247e984c86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58ae69b-abb4-11df-827d-00247e984c86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f58ae69b-abb4-11df-827d-00247e984c86}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f58ae69d-abb4-11df-827d-00247e984c86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58ae69d-abb4-11df-827d-00247e984c86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f58ae69d-abb4-11df-827d-00247e984c86}\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Public
User: Wolfgang K**
->Temp folder emptied: 50879 bytes
->Temporary Internet Files folder emptied: 1570482 bytes
->Java cache emptied: 10506234 bytes
->FireFox cache emptied: 50906747 bytes
->Flash cache emptied: 703 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 185040 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 60,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12152011_133042
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Re 8) ESET Online Scanner found nothing.
Re 9) Here is the latest OTL log:
Code:
OTL logfile created on: 15.12.2011 19:17:35 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 31,40% Memory free
3,74 Gb Paging File | 2,38 Gb Available in Paging File | 63,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 211,51 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,09 Gb Free Space | 20,95% Space Free | Partition Type: NTFS
Drive F: | 1022,00 Mb Total Space | 1017,02 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
Drive G: | 1,87 Gb Total Space | 1,69 Gb Free Space | 90,35% Space Free | Partition Type: FAT
Computer Name: WK** | User Name: Wolfgang K** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.13 17:13:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.10.24 13:59:29 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.01.25 16:38:44 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2010.11.25 14:38:46 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2010.09.23 19:06:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.07.27 14:54:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.07.27 14:54:16 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.07.27 14:54:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.04.16 00:26:56 | 000,299,008 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.04.16 00:26:28 | 000,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.04.13 10:21:26 | 002,344,224 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.04.13 10:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.04.13 10:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.30 13:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.03.30 13:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe
PRC - [2009.03.02 14:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe
PRC - [2008.11.21 21:49:04 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008.08.26 15:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2008.08.08 15:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2008.01.21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.14 02:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.04.13 16:49:00 | 000,101,528 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.13 19:23:13 | 000,998,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.13 19:21:31 | 011,804,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.10.13 19:21:13 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.10.13 19:20:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.13 16:59:11 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.10.13 16:33:41 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 16:32:04 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.13 16:31:35 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.13 16:29:50 | 007,950,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 16:27:24 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Programme\ICQ7.2\MDb.dll
MOD - [2010.07.27 13:01:47 | 001,728,512 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3393.24736__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:47 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3393.24809__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:47 | 000,364,544 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3393.24776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:47 | 000,286,720 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3393.24717__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:47 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3393.24737__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:47 | 000,139,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3393.24810__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:47 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3393.24776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:47 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3393.24726__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:47 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3393.24789__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:47 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3393.24771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:47 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3393.24775__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:47 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3393.24731__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:47 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3393.24761__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:47 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3393.24726__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:46 | 000,811,008 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3393.24764__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:46 | 000,712,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3393.24727__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:46 | 000,593,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3393.24738__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:46 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3393.24784__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:46 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3393.24742__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.07.27 13:01:46 | 000,225,280 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3393.24737__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:46 | 000,147,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3393.24808__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:46 | 000,126,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3393.24768__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:46 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3393.24763__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:46 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3393.24808__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3393.24742__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:46 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3393.24768__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:45 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3393.24762__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:45 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3393.24770__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.07.27 13:01:45 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3393.24762__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:45 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3393.24763__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:45 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3393.24769__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.07.27 13:01:45 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3363.26466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.07.27 13:01:45 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3363.26478__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3363.26472__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3363.26488__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3363.26504__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3363.26504__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3363.26486__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3363.26504__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.07.27 13:01:45 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.07.27 13:01:44 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3363.26467__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.07.27 13:01:44 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3363.26495__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3363.26480__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3363.26494__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3363.26493__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3363.26492__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3363.26492__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.07.27 13:01:44 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3363.26501__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3363.26494__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3363.26465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.07.27 13:01:44 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3363.26484__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3363.26525__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.07.27 13:01:44 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3363.26501__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3363.26491__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3363.26490__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3363.26487__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3363.26493__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3363.26488__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.07.27 13:01:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3363.26482__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3363.26479__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3363.26472__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3363.26490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3363.26486__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3363.26485__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3363.26502__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3363.26489__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3363.26477__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3363.26491__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3363.26489__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.07.27 13:01:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3363.26478__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.07.27 13:01:43 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3393.24722__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.07.27 13:01:43 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3393.24731__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.07.27 13:01:43 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3393.24803__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.07.27 13:01:43 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3393.24715__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.07.27 13:01:43 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3393.24715__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.07.27 13:01:43 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3393.24802__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.07.27 13:01:43 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3393.24717__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.07.27 13:01:43 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3363.26487__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.07.27 13:01:43 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3393.24817__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.07.27 13:01:43 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3363.26470__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.07.27 13:01:43 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3363.26482__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.07.27 13:01:43 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3363.26474__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.07.27 13:01:43 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.07.27 13:01:43 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3363.26486__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.07.27 13:01:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3363.26476__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.07.27 13:01:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3363.26485__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.07.27 13:01:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3363.26484__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.07.27 13:01:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3363.26495__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.07.27 13:01:43 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3393.24803__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.07.27 13:01:43 | 000,014,848 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.07.27 13:01:43 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.07.27 13:01:43 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3393.24713__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.07.27 13:01:42 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3393.24715__90ba9c70f846762e\APM.Server.dll
MOD - [2010.07.27 13:01:42 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3393.24713__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.04.16 00:25:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009.04.13 10:09:00 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.12.18 14:03:42 | 000,020,480 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.01.25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.07.27 14:54:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.04.16 00:26:28 | 000,180,224 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.04.13 10:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.03.30 13:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\stacsv.exe -- (STacSV)
SRV - [2009.03.02 14:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\AEstSrv.exe -- (AESTFilters)
SRV - [2008.08.26 15:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.08.08 15:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.04.08 12:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.04.13 16:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - [2011.09.14 15:32:39 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.06 08:50:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.27 14:54:47 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.05.27 15:47:22 | 001,765,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.04.16 00:45:42 | 004,366,336 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.03.30 13:47:00 | 000,398,848 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.11.08 09:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.10.29 16:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.04.27 18:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.06.19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\Wolfgang K**\Desktop\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\Wolfgang K**\Desktop\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.14 15:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.16 01:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.16 01:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 12:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.27 15:13:51 | 000,000,000 | ---D | M]

[2010.07.27 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Extensions
[2011.12.15 17:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions
[2011.03.14 21:38:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.12.15 17:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\staged
[2010.10.02 14:28:52 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Wolfgang K**\AppData\Roaming\mozilla\Firefox\Profiles\00kextk9.default\extensions\vshare@toolbar
[2011.12.13 21:01:53 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-1.xml
[2011.08.27 15:14:01 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-2.xml
[2011.09.07 17:55:57 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-3.xml
[2011.10.04 10:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-4.xml
[2011.11.11 12:41:06 | 000,000,950 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin-5.xml
[2011.08.12 09:18:10 | 000,001,056 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\startsear.xml
[2010.10.02 14:29:05 | 000,001,583 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Roaming\Mozilla\Firefox\Profiles\00kextk9.default\searchplugins\web-search.xml
[2011.12.15 13:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.07 14:55:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.15 13:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\WOLFGANG K**\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\00KEXTK9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 12:39:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.15 13:12:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.04 10:07:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 10:07:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 10:07:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 10:07:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9441735D-5E71-4572-B178-E29A95E5C4E7}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.15 19:02:54 | 000,000,000 | ---D | C] -- C:\ad2adc2dd6fc9b613065a965295f
[2011.12.15 19:02:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011.12.15 19:02:12 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011.12.15 19:02:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011.12.15 19:02:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011.12.15 19:02:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011.12.15 19:02:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011.12.15 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.15 17:43:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2011.12.15 17:43:06 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011.12.15 17:43:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011.12.15 17:43:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011.12.15 17:42:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2011.12.15 14:37:57 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011.12.15 13:56:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011.12.15 13:37:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang K**\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.15 13:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.15 13:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.15 13:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.15 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.15 13:12:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011.12.15 13:12:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011.12.15 13:12:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011.12.15 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.12.14 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.14 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.13 17:57:35 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
[2011.12.12 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang K**\AppData\Roaming\Malwarebytes
[2011.12.12 22:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.12 22:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.12 22:17:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.12.12 22:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.27 13:22:55 | 000,256,576 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010.07.27 13:22:52 | 000,203,328 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011.12.15 19:22:03 | 000,730,616 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.12.15 19:22:03 | 000,655,950 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.12.15 19:22:03 | 000,133,466 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.12.15 19:22:02 | 000,162,054 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.12.15 19:14:17 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 19:14:17 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 19:13:46 | 000,441,064 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011.12.15 19:13:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.12.15 19:12:02 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.15 19:05:46 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011.12.15 13:41:54 | 090,355,839 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011.12.15 13:36:38 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.15 13:12:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011.12.15 13:12:31 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011.12.15 13:12:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011.12.15 13:12:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011.12.13 20:58:08 | 000,000,000 | ---- | M] () -- C:\Users\Wolfgang K**\defogger_reenable
[2011.12.13 17:57:35 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2011.12.13 17:15:55 | 000,007,728 | ---- | M] () -- C:\Users\Wolfgang K**\AppData\Local\d3d9caps.dat
[2011.12.12 22:17:23 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.01 04:27:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011.11.23 13:07:55 | 000,009,049 | ---- | M] () -- C:\Users\Wolfgang K**\Desktop\link.odt

========== Files Created - No Company Name ==========

[2011.12.15 13:36:38 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.13 20:58:08 | 000,000,000 | ---- | C] () -- C:\Users\Wolfgang K**\defogger_reenable
[2011.12.13 17:21:57 | 1875,763,200 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.12 22:17:23 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.23 12:36:49 | 000,009,049 | ---- | C] () -- C:\Users\Wolfgang K**\Desktop\link.odt
[2011.06.14 17:42:50 | 000,001,849 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Roaming\GhostObjGAFix.xml
[2010.08.08 11:31:24 | 000,013,824 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 22:38:29 | 000,000,008 | RHS- | C] () -- C:\ProgramData\2245E2BB5A.sys
[2010.08.07 22:38:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.01 17:57:51 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2010.08.01 17:57:50 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010.07.27 23:09:54 | 000,007,728 | ---- | C] () -- C:\Users\Wolfgang K**\AppData\Local\d3d9caps.dat
[2010.07.27 14:33:58 | 000,030,439 | ---- | C] () -- C:\windows\scunin.dat
[2010.07.27 14:09:52 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2010.07.27 14:09:52 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2010.07.27 13:22:53 | 001,765,184 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.07.27 13:22:53 | 000,034,496 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.07.27 13:22:53 | 000,027,200 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010.07.27 13:22:53 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010.07.27 13:11:49 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010.07.27 13:00:53 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.07.27 12:59:46 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2009.07.31 07:37:59 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.16 00:25:22 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2009.02.23 02:39:30 | 000,184,394 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008.04.16 16:03:14 | 000,730,616 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2008.04.16 16:03:14 | 000,290,748 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2008.04.16 16:03:14 | 000,162,054 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2008.04.16 16:03:14 | 000,036,916 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006.11.02 13:44:53 | 000,441,064 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,655,950 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,133,466 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2000.03.01 18:49:20 | 000,028,958 | ---- | C] () -- C:\windows\System32\kart_dbl.dll
[1997.09.01 02:00:00 | 000,038,614 | ---- | C] () -- C:\windows\System32\Kart_doj.dll
[1997.08.04 10:17:56 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gf.dll
[1997.08.04 10:16:44 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gd.dll

========== LOP Check ==========

[2010.10.26 15:57:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\Citrix
[2011.12.11 02:14:10 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\ICQ
[2010.08.07 22:38:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\InterVideo
[2011.03.18 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\Kalypso Media
[2010.07.27 15:47:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\OpenOffice.org
[2011.06.28 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang K**\AppData\Roaming\SumatraPDF
[2011.12.15 19:05:49 | 000,032,538 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 15.12.2011 19:17:35 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 31,40% Memory free
3,74 Gb Paging File | 2,38 Gb Available in Paging File | 63,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,09 Gb Total Space | 211,51 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 2,09 Gb Free Space | 20,95% Space Free | Partition Type: NTFS
Drive F: | 1022,00 Mb Total Space | 1017,02 Mb Free Space | 99,51% Space Free | Partition Type: FAT32
Drive G: | 1,87 Gb Total Space | 1,69 Gb Free Space | 90,35% Space Free | Partition Type: FAT

Computer Name: WK** | User Name: Wolfgang K** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADCD8CB-409B-46E6-A1FD-75ED90383432}" = rport=139 | protocol=6 | dir=out | app=system |
"{16B49269-EBE4-427E-8239-A900442ABC9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28EB71EA-478E-4E8A-84E7-9AAA4A9E2E44}" = rport=445 | protocol=6 | dir=out | app=system |
"{353C8006-5C1C-4D39-ACD8-6CC1CF6714E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{46ED42FD-5C76-469F-9E72-0C1BE29269C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{659B5AF4-B031-4C12-90B6-76BDE290C451}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D03B75D-9B2C-4040-9742-1BEB3D345BA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{73796C75-9EB6-4AE7-9793-4F92447453A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7AF4B45F-16DA-45ED-BEAE-835A7E044A00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C5AB261-AA5A-42E7-B00B-67FB51FBC214}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7CE623D5-6F75-470B-93EF-129DB7132935}" = rport=138 | protocol=17 | dir=out | app=system |
"{80C7F5E5-604C-46CE-8525-BF0C3CEEB2D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{970E360D-629E-48C1-BE8A-93BCDCDACB95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A86189FF-4CB9-4478-AA28-5CCFA213B182}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B59C00FC-DE26-4888-AE36-6507718FDBEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{B9473618-10AD-41DD-9322-EFD46EF35F47}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{CB41AC6D-ACD3-4FE4-877B-75E0EC7A9509}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDCEBB57-E0FA-4391-90D2-C8B2CC6F09D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E94ACB86-3511-4DA3-BACC-603C8D6711FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB5603E5-2FD1-4106-914F-B3A94EE70DF0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0D4C22A-9596-49CB-A1D1-E90F8630D05A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112DA61D-E348-4E31-8C9F-D1DC721A159B}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{16270E15-B5CB-4266-810D-AC01366598A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C47FB92-E21B-4233-A36D-6125FF4AB9CE}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{29323FA8-7361-4F94-9FF7-8C1516E723C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{466F0A88-9DCA-4E1C-98A2-089A22550650}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4D8C140F-C49E-47B3-B9F5-434C19CD10C3}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{55363155-FE55-4AD4-829B-302DD098822D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{587E63AF-3503-43EB-8393-E2E60F23568F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{5CA94815-340A-43FD-8D18-76B3E4BC045A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{61E7ACBA-AAD2-43A6-AE0C-20A4C877D8AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9512AC24-6636-4E24-AD20-E1EB98033AB9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9B745913-05D5-4D43-9450-673299410EB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A101BD3E-F281-4576-8848-271FC8E79172}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{A1862102-AEC6-4B47-AD9A-B2DA599969D0}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B33AD838-F143-4B2A-A6D6-64FA4255106A}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{E14667C7-F2A8-487A-9FBF-5E4BFA7F39AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0259C7CA-8D31-4AD6-9D16-83A3C37D9F2E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{1E6C1CC3-7ACB-4B79-ADAF-689D1753FAE9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{64DF052A-9060-4BE6-83C7-40227B6BB8AE}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{83B736A8-362D-4E57-B1A6-06018860521D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8FA778D6-9ED5-44AD-8BA5-0AEE06F4A437}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{9A8D75F2-D3AF-4733-879B-F3674F5CE6C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C140FA86-1A49-4D03-BFC9-0F9CC88F89B7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0236FAC1-7CDD-4EC0-A125-A6BA647F3CBB}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{15C585A0-F011-4FBE-91EB-A17566D9B066}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{40A53EEB-0DA0-428E-AA8C-9AE9A11203B3}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{52821B4F-46C6-4FCD-B3DF-019C48942702}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{545F8EBE-A58E-40BC-94BD-83A12CD76E08}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BEAA4A7F-7EBC-4BDE-A7BF-F347CD1C2DDB}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{C665DF7A-0481-440A-819C-F21F88ACC203}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1373F37A-08A5-A7C9-7004-BE87467CF585}" = Catalyst Control Center Graphics Full New
"{1D3EF69A-BBC3-B00B-0C36-062A36466706}" = CCC Help Greek
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2287DBA3-AD47-4FF0-AAB6-551992E43D0D}" = HP User Guides 0133
"{235CDB6A-6008-42E8-987E-B393C2289A41}" = HP Common Access Service Library
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255D9E15-C69E-D650-EBC8-2209DA1ABDAE}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26DEDA99-DDD3-48E1-42AA-E6D7C2594646}" = CCC Help Portuguese
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2B7F990D-80DF-4122-56E4-20CDDB696CBA}" = Skins
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31043705-9B90-482A-1654-4DAB99F125FF}" = CCC Help French
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.50 A1
"{37B41895-0BEE-3831-531B-EFBB4F9E3505}" = Catalyst Control Center Core Implementation
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C6D6D40-CCD7-FAD1-C71B-F4A005CA7FB2}" = CCC Help Chinese Traditional "{41818E2C-E227-BD82-1F80-8D2603B00EB3}" = Catalyst Control Center Localization All "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{48EE8491-08E3-4996-ACA4-1E71ED5A1C4F}" = Catalyst Control Center Graphics Full Existing "{491464CD-DF4B-8DF3-108A-0C4D988F7E08}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DF06829-423B-4D04-9ABB-4C8D9ABF7BC5}" = CCC Help Thai "{4FEA85FC-49B2-2472-E2B1-ED902D0E7607}" = CCC Help Dutch "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{6441AF33-BEF0-A597-9D4F-B2EC69C7EB85}" = CCC Help Japanese "{6533DCA9-C3C4-A141-0AC2-2AA60BB88714}" = CCC Help Swedish "{65E38B35-E861-39AD-94C3-9A6BC099BE73}" = ATI Catalyst Install Manager "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{697B1E2E-4754-1E53-1EA2-5B54794DF4C4}" = CCC Help Norwegian "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CB01492-9EB8-6EA9-0EEC-88FECA4CA74D}" = CCC Help Italian "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{75C5100D-9874-EA1C-EBF1-B11DB721C7D0}" = CCC Help Chinese Standard "{75EA97E2-BAD7-45DF-8196-82A828BF47DC}" = Royal Doppelkopf "{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup "{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS "{7B5B7A1F-149A-922A-B855-6B80FC1D0664}" = CCC Help Czech "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft 
Visual C++ 2005 Redistributable "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E05A9B8-173B-9DFC-75FA-A1EA61F737B1}" = CCC Help Korean "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology "{9ED8918B-6561-2C39-0703-67273861F84A}" = CCC Help Danish "{A1DB71A6-3809-4A85-2CD9-C4518C123F95}" = CCC Help Finnish "{A3276EED-22A1-4808-9AA3-88A451482E10}" = Catalyst Control Center - Branding "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AA8EC7A4-EA02-4A72-B14F-65DA485F74C8}" = ESU for Microsoft Vista SP1 "{AAB53AB8-03FC-5F3C-2822-312D66E15DA5}" = CCC Help Spanish "{AB497FF1-AEA0-2B68-AB6F-F9577916A0CD}" = ccc-utility "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6FECC42-C7ED-86E2-3BD8-6EF99FEF168A}" = CCC Help German "{BA6FDFE7-A596-0ABE-0F2A-4B90AF48439F}" = Catalyst Control Center InstallProxy "{C021640F-DED0-71B2-CA5B-8F1EE1130E26}" = CCC Help English "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC28A406-462D-4A08-A125-3EAF8A64DE4E}" = HP Wireless Assistant "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E05EB9D2-8559-4821-98AC-3D5DA3242D5B}" = Vista Default Settings "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4A4F5C0-C67F-22EC-319B-44546DFC3DB3}" = Catalyst Control Center Graphics Light "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E777AA77-5DF2-99D1-CF96-7EECFA652AA0}" = ccc-core-static "{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant "{EA3BE3EA-A032-BC41-B753-74453AD7D22F}" = CCC Help Turkish "{EC877639-07AB-495C-BFD1-D63AF9140810}" 
= Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{EFBE9BC0-39D6-FC89-5353-5641A18761F9}" = CCC Help Polish "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper "{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "AVG9Uninstall" = AVG Free 9.0 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "Canon iP2600 series Benutzerregistrierung" = Canon iP2600 series Benutzerregistrierung "CANONIJPLM100" = PIXMA Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "ICQToolbar" = ICQ Toolbar "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "PDF Complete" = PDF Complete "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Starcraft" = Starcraft "SumatraPDF" = SumatraPDF "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veetle TV" = Veetle TV 
0.9.18 "vShare.tv plugin" = vShare.tv plugin 1.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Doppelkopf XXL" = Doppelkopf XXL "Skat-Online V8" = Skat-Online V8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:12:25 | Computer Name = WK** | Source = WinMgmt | ID = 4 Description = Error - 11.12.2011 08:29:59 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 12.12.2011 17:10:07 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 12.12.2011 17:27:26 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 13.12.2011 12:08:07 | Computer Name = WK** | Source = EventSystem | ID = 4609 Description = Error - 13.12.2011 12:33:12 | Computer Name = WK** | Source = VSS | ID = 8194 Description = Error - 13.12.2011 17:08:14 | Computer Name = WK** | Source = Perflib | ID = 1010 Description = [ Hewlett-Packard Events ] Error - 05.04.2011 10:52:52 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041105045245.xml File not created by asset agent Error - 14.06.2011 12:42:48 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061114064212.xml File not created by asset agent Error - 19.07.2011 13:35:30 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = Error - 02.08.2011 08:17:49 | Computer Name = WK** | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() 
C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081102021716.xml File not created by asset agent
[ System Events ]
Error - 15.12.2011 07:54:59 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
Error - 15.12.2011 07:55:24 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description =
Error - 15.12.2011 08:23:09 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description =
Error - 15.12.2011 08:25:16 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
Error - 15.12.2011 08:33:18 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description =
Error - 15.12.2011 08:34:58 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
Error - 15.12.2011 12:39:45 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description =
Error - 15.12.2011 12:41:57 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
Error - 15.12.2011 14:14:09 | Computer Name = WK** | Source = Service Control Manager | ID = 7000 Description =
Error - 15.12.2011 14:17:02 | Computer Name = WK** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
< End of report >
Many, many thanks! habemehl |
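When reviewing an OTL log like the one above, the two sections worth scanning first are the firewall application exception list (which programs were granted inbound access, including the "Query User" rules the user clicked through) and the uninstall list (where PUPs such as the vShare.tv plugin behind PUP.VshareRedir show up by name). The parser below is an added example, not code from the thread or from OTL; it works on a constructed excerpt in OTL's own layout, and the PUP watch-list is an assumption built from the families named in this thread, not an official list.

```python
import re
from collections import defaultdict

# Constructed excerpt in OTL's own layout (one "key" = value line per entry),
# built from entries quoted in the log above; a real OTL.txt is read from disk.
SAMPLE_OTL = r'''
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112DA61D-E348-4E31-8C9F-D1DC721A159B}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{466F0A88-9DCA-4E1C-98A2-089A22550650}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{64DF052A-9060-4BE6-83C7-40227B6BB8AE}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"vShare.tv plugin" = vShare.tv plugin 1.3
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')      # ========== Title ==========
ENTRY_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')     # "key" = value

def parse_otl_sections(text):
    """Return {section title: [(key, value), ...]} for every "key" = value line."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return dict(sections)

def parse_firewall_rule(value):
    """Split 'protocol=6 | dir=in | app=... |' into a dict of the rule's fields."""
    fields = {}
    for part in value.split('|'):
        part = part.strip()
        if '=' in part:
            key, val = part.split('=', 1)
            fields[key.strip()] = val.strip()
    return fields

def inbound_app_exceptions(sections):
    """Programs granted inbound access by a per-application rule: the ones to eyeball."""
    apps = set()
    for _key, value in sections.get('Vista Active Application Exception List', []):
        rule = parse_firewall_rule(value)
        if rule.get('dir') == 'in' and 'app' in rule:
            apps.add(rule['app'].lower())
    return sorted(apps)

# Assumed watch-list: lower-case substrings of display names for the PUP families
# this thread deals with (vShare redirector, ICQ toolbar). Extend as needed.
PUP_WATCHLIST = ('vshare', 'icq toolbar')

def flagged_uninstall_entries(sections, watchlist=PUP_WATCHLIST):
    """Uninstall-list display names that match a watch-list substring."""
    hits = []
    for _key, name in sections.get('HKEY_LOCAL_MACHINE Uninstall List', []):
        if any(w in name.lower() for w in watchlist):
            hits.append(name)
    return hits
```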
16.12.2011, 08:50 | #6 |
/// Helfer-Team | BKA Trojan (computer locked) / ukash / Trojan.Dropper / PUP.VshareRedir - am I clean again?
1. Windows Defender: running it in parallel with an AV program is not recommended, because the two can get in each other's way. Please disable it as follows:
-> Enabling and disabling Windows Defender
Disable Windows Defender completely
Start => Control Panel => Classic View => Windows Defender, or start Windows Defender directly (C:\Programme\Windows Defender\MSASCui.exe)
Tools => Options => Automatic scanning => remove the check mark at "Automatically scan my computer".
Tools => Options => Real-time protection => remove the check mark at "Use real-time protection".
Tools => Options => Administrator => remove the check mark at "Use this program".
Start => type services.msc into the search box. The Services window opens.
Double-click the "Windows Defender" service. Set the startup type to "Manual". Stop the service if it is still running.
► After a restart (if it still exists): Start -> Run -> "msconfig" (type it without the "") -> OK -> Startup: check whether it is still being started, and remove the check mark if necessary
► Under Services: Start -> Run -> "services.msc" (type it without the "") -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"
2. Uninstall/remove the programs we used and that you don't need, except for:
Code:
CCleaner
3. Tool clean-up with OTL
We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.
4. If everything went well and your system is running stably, do the following: delete all system restore points, including the last one
5. As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password - (they should actually be changed at regular intervals, roughly every 3-5 months); see also here under: Secure password (Kennwort)
Reading material no. 1:
** Common sense and securely configured Windows and Internet software are the best route to security on the web!!
Quote:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account
regards, kira
16.12.2011, 14:09 | #7 |
| BKA Trojan (computer locked) / ukash / Trojan.Dropper / PUP.VshareRedir - am I clean again? Hello Kira, thanks again - one more happy person. Re 1) done! Re 2) I had already taken care of that yesterday evening. Re 3) OTL was only on my "clean-up USB stick" and is gone now, but it can be downloaded again the next time (which hopefully won't be necessary). Re 4) I could not delete the last restore point, so I created a new restore point and then deleted "all but the last" again. So the current "last" restore point is the first one from the clean system. Re 5) Since I came up with a new password scheme in the past few days anyway (a different, secure password on every system that I can still remember), I will now apply it consistently to my accounts. Many thanks for the help and the reading material; I'll work through it during the semester break.... |
17.12.2011, 07:08 | #8 |
/// Helfer-Team | BKA Trojan (computer locked) / ukash / Trojan.Dropper / PUP.VshareRedir - am I clean again? You're welcome, and all the best again
__________________
Warning!: Beware of invoices by e-mail with a ZIP file as attachment! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |