sbcvvhost_win86

ninzie · 25.12.2011, 18:14

Hallo Leute

Ich bin neu hier und hoffe ich mach jetzt keinen Fehler hier ein neues Thema zu erstellen..hab mir wie so einige schon vor mir hier im Forum den Virus sbcvvhost_win86 eingefangen...hab mich auch schon hier etwas informiert nur ist es bei wie in diesem Thread beschrieben:

HTML-Code:

[URL]http://www.trojaner-board.de/106823-sbcvvhost_win86-keine-programme-aufrufbar-internetverbindung-nur-abzockseite.html[/URL]

Kann weder auf Programme zugreifen..noch ins Menü oder der gleichen..nicht mal in den Task Manager...Im prinzip ist bei mir nur weißer Bildschrim da ich den Internetzugriff für den Virus per Zonealarm verweigert hab.
Hab mir auch die Antwort darauf durchgelesen und weiß jetzt nicht wie ich das Programm auf dem Computer ausführen soll wenn ich nirgends ins Menü komme...oder soll ich mit dem Laptop (woran ich jetzt sitze) die cd brennen?

Entschuldigt is bestimmt ne total dumme frage aber manchmal bin ich schwer von kp

schon mal danke für die Hilfe

lg

markusg · 25.12.2011, 18:17

hi, brenne die cd halt an einem sauberen gerät und dann den laptop der infiziert ist mit der gebrannten cd starten :-)

ninzie · 25.12.2011, 20:03

Hab alles wie gemacht wie beschrieben..nur leider beim versuch den REATOGO-X-PE Desktop zu starten...arbeitet die Festplatte ziemlich und dann kommt die bluescreen fehlermeldung

Kann es sein das mein "sauberes" System zwei betriebssysteme drauf hat (win 7 und xp) und mein infiziertes nur win 7...das er da iwie schwierigkeiten hat?

Bitte sagt mir nicht ich muss es komplett neu machen

markusg · 25.12.2011, 20:10

hi, bitte mal im bios gucken und dort von ide auf AHCI umstellen, bzw wenn das schon so ist, umgekehrt, dann otl noch mal versuchen

ninzie · 25.12.2011, 20:54

ok soweit so gut..hab den scan gemacht...nur mich hat verwundert das C:\Extras.Txt bei mir fehlt...dabei hab ich alles gemacht wie beschrieben...naja ich hoffe C:\OTL.Txt hilft erstmal..

Code:

ATTFilter

OTL logfile created on: 12/25/2011 8:41:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive H: | 290.45 Gb Total Space | 41.72 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive I: | 290.62 Gb Total Space | 27.83 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive J: | 15.41 Gb Total Space | 3.05 Gb Free Space | 19.81% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- H:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 10:34:48 | 000,625,184 | ---- | M] () [Auto] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 10:34:48 | 000,207,904 | ---- | M] () [Auto] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2011/12/14 14:51:32 | 003,316,000 | ---- | M] () [Auto] -- H:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/07/15 07:30:54 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/03 06:21:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 09:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 08:41:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/21 13:20:46 | 000,090,624 | ---- | M] () [Auto] -- H:\Program Files (x86)\EpocCam\EpocCamSvc.exe -- (EpocCamSvc)
SRV - [2011/02/18 10:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- H:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/10 06:58:28 | 000,076,288 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\scm.exe -- (Secure Content Management)
SRV - [2010/12/08 07:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- H:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/09/10 11:56:02 | 000,040,960 | ---- | M] () [Auto] -- H:\Users\Janine\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/16 19:08:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- H:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/28 14:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- H:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- H:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- H:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/08 08:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/03 06:21:30 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/03 06:21:30 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- H:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 01:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 18:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/15 09:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- H:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/12/25 08:51:35 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- H:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/13 02:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/26 02:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/30 00:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/04/29 10:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- H:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/04/06 03:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- H:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 03:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- H:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/03/25 11:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009/03/25 11:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009/03/25 11:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009/03/25 11:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009/03/25 11:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009/03/25 11:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009/03/25 11:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008/08/28 04:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- H:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/17 16:02:40 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | Auto] -- H:\Windows\System32\drivers\npf.sys -- (npf)
DRV:64bit: - [2008/06/15 20:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- H:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/16 06:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 06:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 06:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 06:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 06:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008/01/09 05:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- H:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/05/15 09:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- H:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3210&r=173612091916p0345v1j5y47m4920r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3210&r=173612091916p0345v1j5y47m4920r
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Janine_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3210&r=173612091916p0345v1j5y47m4920r
IE - HKU\Janine_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\Janine_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\Janine_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Janine_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\NetworkService_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: KPSA-home-Priess@EasternGraphics.com:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: H:\Program Files (x86)\Win7codecs\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: H:\Program Files (x86)\Win7codecs\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: H:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer: H:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 08:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/18 08:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/04/11 11:07:20 | 000,000,000 | ---D | M]
 
[2009/12/29 06:14:21 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Janine\AppData\Roaming\Mozilla\Extensions
[2011/12/24 09:31:29 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions
[2011/12/21 13:15:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/06 16:02:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/12/24 09:31:29 | 000,000,000 | ---D | M] (DownloadHelper) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/19 17:14:31 | 000,000,000 | ---D | M] (BlockSite) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/12 10:54:07 | 000,000,000 | ---D | M] (Greasemonkey) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/30 06:35:35 | 000,000,000 | ---D | M] (KPSA-Home (Priess)) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\KPSA-home-Priess@EasternGraphics.com
[2010/09/20 13:01:24 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\quickstores@quickstores.de
[2011/12/15 16:08:07 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\extensions\toolbar@ask.com
[2011/12/25 06:21:39 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-1.xml
[2011/09/01 05:50:47 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-10.xml
[2011/09/08 12:03:52 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-11.xml
[2011/09/21 13:55:45 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-12.xml
[2011/09/28 05:11:03 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-13.xml
[2011/10/06 10:21:26 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-14.xml
[2011/11/07 13:21:16 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-15.xml
[2011/11/24 12:01:27 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-16.xml
[2011/11/29 12:31:00 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-17.xml
[2011/12/22 09:03:48 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-18.xml
[2011/03/05 12:49:52 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-2.xml
[2011/03/24 13:37:41 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-3.xml
[2011/03/30 10:53:23 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-4.xml
[2011/04/29 10:57:37 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-5.xml
[2011/05/21 14:20:43 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-6.xml
[2011/07/03 14:34:13 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-7.xml
[2011/08/16 15:51:45 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-8.xml
[2011/08/20 15:47:23 | 000,000,950 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin-9.xml
[2011/03/30 08:14:34 | 000,001,042 | ---- | M] () -- H:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\searchplugins\icqplugin.xml
[2011/11/23 08:41:51 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/05 13:09:03 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- H:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) -- 
() (No name found) -- H:\USERS\JANINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JCUJPW5Y.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/11/23 08:41:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- H:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/06 06:57:24 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 06:57:24 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 06:57:24 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/06 06:57:24 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 06:57:23 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 06:57:23 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/06/27 15:08:06 | 000,435,609 | R--- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 14990 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Janine_ON_H\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [NvCplDaemon] H:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] H:\Users\Janine\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] H:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client]  File not found
O4 - HKU\Janine_ON_H..\Run: []  File not found
O4 - HKU\Janine_ON_H..\Run: [Akamai NetSession Interface] H:\Users\Janine\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Janine_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Janine_ON_H..\Run: [SpybotSD TeaTimer] H:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Janine_ON_H..\Run: [WBhXTAWuFpmNyON] H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - H:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - H:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - H:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Janine_ON_H Winlogon: Shell - (C:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe) - H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{10a978c7-f15d-11de-b263-001f16fafcf3}\Shell - "" = AutoRun
O33 - MountPoints2\{10a978c7-f15d-11de-b263-001f16fafcf3}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{1aa55d3d-ff79-11de-a8c4-0009dd1061b0}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa55d3d-ff79-11de-a8c4-0009dd1061b0}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{4394c935-11e6-11e1-b59e-001f16fafcf3}\Shell - "" = AutoRun
O33 - MountPoints2\{4394c935-11e6-11e1-b59e-001f16fafcf3}\Shell\AutoRun\command - "" = F:\ZTE_Handset_USB_Driver.exe
O33 - MountPoints2\{dc19c2b4-2a1e-11e0-9b14-001f16fafcf3}\Shell - "" = AutoRun
O33 - MountPoints2\{dc19c2b4-2a1e-11e0-9b14-001f16fafcf3}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{dc19c2b9-2a1e-11e0-9b14-001f16fafcf3}\Shell - "" = AutoRun
O33 - MountPoints2\{dc19c2b9-2a1e-11e0-9b14-001f16fafcf3}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{ead9d831-2861-11df-84c4-0009dd1061b0}\Shell - "" = AutoRun
O33 - MountPoints2\{ead9d831-2861-11df-84c4-0009dd1061b0}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/25 11:00:37 | 000,095,744 | ---- | C] (Kassl GmbH) -- H:\Users\Janine\AppData\Roaming\dwlGina3.dll
[2011/12/25 08:29:43 | 000,344,064 | ---- | C] (JqItwY) -- H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/25 07:05:54 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{4ADF2F7E-32C0-44BA-81F6-6100AF407309}
[2011/12/25 07:05:42 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{79114947-0604-4C2E-BB78-8D2BF736AA96}
[2011/12/22 10:58:57 | 000,000,000 | ---D | C] -- H:\Users\Janine\Desktop\20028b16
[2011/12/21 15:08:03 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{30F64131-6487-491B-928C-0DD351220143}
[2011/12/21 15:07:52 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{B9F8CA9A-5045-44AD-8183-47E68F5468FB}
[2011/12/20 14:53:07 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{D961B2E7-3666-401C-9C22-F929E8595818}
[2011/12/20 14:52:56 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{6A0299DF-FE4F-47D1-A5EC-291BE7669823}
[2011/12/19 08:32:10 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{849D8664-F2C7-440C-9AE8-28DF1F850D9B}
[2011/12/18 16:31:51 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{9493726E-F8A5-4885-8EBD-D0D2D9E2C562}
[2011/12/18 16:31:40 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{38CD215B-F816-4545-ABFE-A51A13F26B1A}
[2011/12/17 12:07:53 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{F58EFCAF-7EC3-4FED-8921-FE62889DF125}
[2011/12/17 12:07:42 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{AB239FCD-FA5E-484B-9170-73F06C12309E}
[2011/12/15 11:40:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\csrsrv.dll
[2011/12/15 11:40:39 | 000,703,488 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2011/12/15 11:40:39 | 000,599,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2011/12/15 11:40:39 | 000,256,000 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll
[2011/12/15 11:40:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2011/12/15 11:40:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2011/12/15 11:40:38 | 000,482,816 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\html.iec
[2011/12/15 11:40:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\html.iec
[2011/12/15 11:40:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iepeers.dll
[2011/12/15 11:40:38 | 000,134,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2011/12/15 11:40:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2011/12/15 11:40:38 | 000,097,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2011/12/15 11:40:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2011/12/15 11:40:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll
[2011/12/15 11:40:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\licmgr10.dll
[2011/12/15 11:40:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeedssync.exe
[2011/12/15 11:40:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe
[2011/12/15 11:39:14 | 000,723,456 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\EncDec.dll
[2011/12/15 11:39:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\EncDec.dll
[2011/12/14 08:58:16 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/12/14 08:58:16 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/12/14 08:58:14 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Roaming\Notepad++
[2011/12/14 08:58:14 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Notepad++
[2011/12/13 12:34:37 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{95057DC5-D54C-4187-826B-643DDCAA6BB8}
[2011/12/13 12:34:25 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{61241C86-EB82-40F1-91CB-5F66434871B3}
[2011/12/12 15:04:59 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{021084A1-F90A-4347-94AE-926C52F70440}
[2011/12/12 14:31:28 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{25400FE6-88ED-45B8-9E95-C822F3F2805B}
[2011/12/12 14:31:17 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{9AEE842E-7558-4523-A0DC-A2F205757AC6}
[2011/12/10 09:04:24 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{3DA2FE9F-3291-4517-8FFF-3603A2A23D5C}
[2011/12/09 15:45:07 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{230428C8-3DF1-4FF9-941E-53C565889984}
[2011/12/09 15:44:56 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{AA358FFB-D45A-42FF-AEC4-248D185CD4AF}
[2011/12/08 15:05:10 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{CB370B26-1C98-41E2-B6EE-CB59021316C7}
[2011/12/08 13:08:17 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{A32E322A-F23A-46E9-8AED-27DDBE91297A}
[2011/12/08 11:23:34 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{DA98BC26-0F8E-4232-AB26-061B0F7727ED}
[2011/12/08 11:23:23 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{86C4850B-54C2-4C98-8A87-3AB54039079F}
[2011/12/07 14:33:01 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{B4556013-4941-42D3-A232-666922A3CB57}
[2011/12/07 14:32:45 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{244A81A1-646E-4747-BA60-16CA0862A684}
[2011/12/06 14:04:23 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{821FFE4D-CB7F-4D6E-A201-47CDDF2B259A}
[2011/12/06 14:04:13 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{DEDFC0D8-0C72-48C2-A242-A09D56088F3A}
[2011/12/06 12:22:53 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Roaming\Origin
[2011/12/06 12:22:48 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\Origin
[2011/12/06 12:22:35 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/12/06 12:22:27 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Origin Games
[2011/12/06 12:22:27 | 000,000,000 | ---D | C] -- H:\ProgramData\Origin
[2011/12/06 12:13:05 | 000,000,000 | ---D | C] -- H:\ProgramData\EA Core
[2011/12/06 12:13:04 | 000,000,000 | ---D | C] -- H:\ProgramData\Electronic Arts
[2011/12/05 08:00:00 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{2C282816-4B23-49F4-873A-F0CD309FEF50}
[2011/12/05 07:59:49 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{22249AF0-704F-42B6-A613-AF075AD9C08A}
[2011/12/04 11:44:23 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{A5761B82-A23A-4ABC-BCC7-3E9426927DE9}
[2011/12/04 11:44:11 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{3B4F585C-3973-4B39-902D-5E0364FE46AF}
[2011/12/03 13:28:07 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Avanquest update
[2011/12/03 13:28:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Avanquest
[2011/12/03 07:22:22 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{243FC9C5-476C-4E80-B344-2DCB8181BCD6}
[2011/12/03 07:22:11 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{1DE767C4-0F5F-4319-AFBE-D15C052CF0C5}
[2011/12/02 13:13:54 | 000,000,000 | ---D | C] -- H:\Windows\SysWow64\Wargasm
[2011/12/02 11:45:44 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{C2EF0935-508E-43D4-B148-7CC75818C92E}
[2011/12/02 11:45:33 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{05DE8670-E240-4AB1-A69E-41F61F861B9E}
[2011/12/01 13:43:30 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{D63C0D11-755A-4683-A255-EEEE45F908AA}
[2011/12/01 13:43:19 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{08925188-5D03-4D75-B491-09047F1A02C4}
[2011/11/30 13:43:13 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{35A1A36F-7524-4755-B637-02CD4DDA6679}
[2011/11/30 13:43:00 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{60AA247B-56A5-485E-AF49-8EBA6099B27B}
[2011/11/29 14:00:55 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{ECF2499F-DEB7-411B-9D57-1A5C5532B168}
[2011/11/29 14:00:44 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{F8E06CD1-EE58-4AFA-89CF-847F5DE4C5E3}
[2011/11/27 10:42:13 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{8485D2A2-085D-4F11-8BD8-A37545525509}
[2011/11/27 10:42:02 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{6EF923A1-D939-432E-B9C2-66A1CB7178F9}
[2011/11/27 07:44:20 | 000,000,000 | ---D | C] -- H:\Users\Janine\AppData\Local\{88F9D681-1AA2-4CDC-B43C-CB4136024814}
[2011/11/26 07:34:10 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
[2009/12/25 07:10:55 | 000,148,736 | ---- | C] (Avanquest Software) -- H:\ProgramData\hpe3DCB.dll
[2009/08/15 08:45:34 | 000,036,136 | ---- | C] (Oberon Media) -- H:\ProgramData\FullRemove.exe
[4 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]
[4 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]
[1 H:\Windows\System32\drivers\*.tmp files -> H:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/25 14:13:25 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2011/12/25 11:41:14 | 000,664,396 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2011/12/25 11:41:14 | 000,624,578 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2011/12/25 11:41:14 | 000,134,564 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2011/12/25 11:41:14 | 000,110,216 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2011/12/25 11:24:25 | 000,009,696 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 11:24:25 | 000,009,696 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 11:17:00 | 000,001,106 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 11:00:37 | 000,095,744 | ---- | M] (Kassl GmbH) -- H:\Users\Janine\AppData\Roaming\dwlGina3.dll
[2011/12/25 08:38:00 | 000,001,110 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 08:29:41 | 000,344,064 | ---- | M] (JqItwY) -- H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/25 08:24:12 | 001,730,236 | ---- | M] () -- H:\Users\Janine\Desktop\facinate_installer_402754.sis
[2011/12/25 08:22:12 | 000,007,394 | ---- | M] () -- H:\Users\Janine\Desktop\binu_app_for_facebook_t.jad
[2011/12/25 08:10:09 | 006,552,172 | ---- | M] () -- H:\Users\Janine\Desktop\spbshell37_lh4eqyza(2)(1).sis
[2011/12/24 09:42:14 | 003,307,956 | ---- | M] () -- H:\Users\Janine\Desktop\WhatsApp_2_6_55.sis
[2011/12/17 09:07:53 | 002,378,384 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2011/12/14 08:58:16 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/12/09 08:55:46 | 006,552,172 | ---- | M] () -- H:\Users\Janine\Desktop\spbshell37_lh4eqyza(2).sis
[2011/12/06 12:22:36 | 000,000,696 | ---- | M] () -- H:\Users\Public\Desktop\Origin.lnk
[2011/12/06 12:22:36 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/12/03 16:40:40 | 000,002,441 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/03 16:22:46 | 002,379,910 | ---- | M] () -- H:\Users\Janine\Desktop\Edna.pdf
[2011/12/03 13:31:41 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011/12/03 13:31:18 | 000,002,236 | ---- | M] () -- H:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/11/26 07:34:10 | 000,000,968 | ---- | M] () -- H:\Users\Janine\Desktop\Edna Bricht Aus.lnk
[2011/11/26 07:34:10 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
[4 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]
[4 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]
[1 H:\Windows\System32\drivers\*.tmp files -> H:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/25 08:24:03 | 001,730,236 | ---- | C] () -- H:\Users\Janine\Desktop\facinate_installer_402754.sis
[2011/12/25 08:22:12 | 000,007,394 | ---- | C] () -- H:\Users\Janine\Desktop\binu_app_for_facebook_t.jad
[2011/12/25 08:09:23 | 006,552,172 | ---- | C] () -- H:\Users\Janine\Desktop\spbshell37_lh4eqyza(2)(1).sis
[2011/12/24 09:41:55 | 003,307,956 | ---- | C] () -- H:\Users\Janine\Desktop\WhatsApp_2_6_55.sis
[2011/12/09 08:55:05 | 006,552,172 | ---- | C] () -- H:\Users\Janine\Desktop\spbshell37_lh4eqyza(2).sis
[2011/12/06 12:22:36 | 000,000,696 | ---- | C] () -- H:\Users\Public\Desktop\Origin.lnk
[2011/12/03 16:22:33 | 002,379,910 | ---- | C] () -- H:\Users\Janine\Desktop\Edna.pdf
[2011/12/03 13:31:18 | 000,002,236 | ---- | C] () -- H:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/11/26 07:34:10 | 000,000,968 | ---- | C] () -- H:\Users\Janine\Desktop\Edna Bricht Aus.lnk
[2011/11/18 07:04:34 | 000,000,000 | ---- | C] () -- H:\Users\Janine\AppData\Local\{626DEDC2-5D2C-4D88-B604-22CF030E27D7}
[2011/07/23 06:32:56 | 000,000,000 | ---- | C] () -- H:\Users\Janine\AppData\Local\{E0A09C69-607E-4A46-9C75-77ED2E80D197}
[2011/07/16 01:59:22 | 000,000,094 | ---- | C] () -- H:\Users\Janine\AppData\Local\fusioncache.dat
[2011/07/15 07:30:54 | 000,669,184 | ---- | C] () -- H:\Windows\SysWow64\pbsvc.exe
[2011/06/14 16:37:55 | 000,000,400 | ---- | C] () -- H:\Windows\ODBC.INI
[2011/06/01 04:36:02 | 000,000,178 | ---- | C] () -- H:\Users\Janine\AppData\Local\bff.dat
[2011/05/16 16:18:47 | 000,000,132 | ---- | C] () -- H:\Users\Janine\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/08 11:25:06 | 000,001,456 | ---- | C] () -- H:\Users\Janine\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2011/02/10 06:58:28 | 000,076,288 | ---- | C] () -- H:\Windows\SysWow64\scm.exe
[2011/01/11 14:35:05 | 000,000,012 | ---- | C] () -- H:\Windows\dirsaver.ini
[2011/01/03 08:41:19 | 000,000,728 | ---- | C] () -- H:\Users\Janine\AppData\Roaming\wklnhst.dat
[2010/11/20 14:21:25 | 000,000,425 | ---- | C] () -- H:\Windows\BRWMARK.INI
[2010/11/20 12:56:11 | 000,031,864 | ---- | C] () -- H:\Windows\maxlink.ini
[2010/10/23 11:28:26 | 000,069,632 | R--- | C] () -- H:\Windows\SysWow64\xmltok.dll
[2010/10/23 11:28:26 | 000,036,864 | R--- | C] () -- H:\Windows\SysWow64\xmlparse.dll
[2010/09/23 10:17:51 | 000,000,093 | ---- | C] () -- H:\Windows\Lexstat.ini
[2010/06/23 05:35:52 | 000,790,528 | ---- | C] () -- H:\Windows\SysWow64\xvidcore.dll
[2010/06/23 05:35:52 | 000,134,144 | ---- | C] () -- H:\Windows\SysWow64\xvidvfw.dll
[2010/05/12 09:09:06 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\ff_vfw.dll
[2010/01/22 15:38:36 | 000,000,045 | ---- | C] () -- H:\Windows\Twacker.ini
[2010/01/22 15:38:35 | 000,000,045 | ---- | C] () -- H:\Windows\lifeview.ini
[2010/01/22 15:38:29 | 000,014,385 | ---- | C] () -- H:\Windows\TW561a.ini
[2010/01/18 15:41:55 | 000,103,736 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2010/01/18 15:40:51 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2010/01/13 06:09:39 | 001,526,730 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/11 15:24:30 | 000,000,034 | ---- | C] () -- H:\Windows\cdplayer.ini
[2010/01/08 16:03:15 | 000,005,085 | ---- | C] () -- H:\ProgramData\ypkpiykb.yyr
[2010/01/07 11:12:30 | 000,045,056 | ---- | C] () -- H:\Windows\SysWow64\xfire_lsp_9028.dll
[2010/01/03 14:48:37 | 000,047,104 | ---- | C] () -- H:\Users\Janine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 06:14:10 | 000,000,000 | ---- | C] () -- H:\Windows\nsreg.dat
[2009/08/16 03:08:36 | 000,178,176 | ---- | C] () -- H:\Windows\SysWow64\unrar.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2008/10/07 11:13:30 | 000,197,912 | ---- | C] () -- H:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelFrench.dll
[2007/03/12 12:59:00 | 000,299,008 | ---- | C] () -- H:\Program Files\navigram_register.exe
[2007/02/05 13:05:26 | 000,000,038 | ---- | C] () -- H:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2009/12/24 15:02:27 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2009/12/25 08:25:43 | 000,000,000 | ---D | M] -- H:\ProgramData\Arcade Lab
[2011/12/03 13:28:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Avanquest
[2010/02/18 13:19:32 | 000,000,000 | ---D | M] -- H:\ProgramData\Avanquest Bluetooth SDK
[2009/12/25 07:19:11 | 000,000,000 | ---D | M] -- H:\ProgramData\BVRP Software
[2011/09/24 11:59:30 | 000,000,000 | ---D | M] -- H:\ProgramData\CheckPoint
[2009/12/25 08:56:12 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2009/12/24 15:02:27 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2010/11/03 10:12:06 | 000,000,000 | -HSD | M] -- H:\ProgramData\DSS
[2011/12/06 12:13:05 | 000,000,000 | ---D | M] -- H:\ProgramData\EA Core
[2011/12/06 12:13:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Electronic Arts
[2009/12/24 15:59:59 | 000,000,000 | ---D | M] -- H:\ProgramData\FarmFrenzy2
[2009/12/24 15:02:27 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2011/05/22 08:17:56 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/05/02 14:11:46 | 000,000,000 | ---D | M] -- H:\ProgramData\Mono
[2011/04/11 11:06:10 | 000,000,000 | ---D | M] -- H:\ProgramData\NokiaInstallerCache
[2009/12/24 15:03:34 | 000,000,000 | ---D | M] -- H:\ProgramData\OEM
[2011/12/06 12:24:49 | 000,000,000 | ---D | M] -- H:\ProgramData\Origin
[2009/08/15 09:01:59 | 000,000,000 | ---D | M] -- H:\ProgramData\Packard Bell
[2009/08/15 09:04:49 | 000,000,000 | ---D | M] -- H:\ProgramData\Partner
[2011/04/11 11:08:17 | 000,000,000 | ---D | M] -- H:\ProgramData\PC Suite
[2010/12/28 11:10:48 | 000,000,000 | ---D | M] -- H:\ProgramData\regid.1986-12.com.adobe
[2011/07/15 10:52:07 | 000,000,000 | ---D | M] -- H:\ProgramData\ScanSoft
[2010/10/25 12:39:57 | 000,000,000 | ---D | M] -- H:\ProgramData\SecTaskMan
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2009/12/24 15:02:27 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2010/01/11 09:13:41 | 000,000,000 | ---D | M] -- H:\ProgramData\TEMP
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2010/06/13 09:10:07 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2009/12/24 15:02:27 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2010/07/23 12:37:49 | 000,000,000 | ---D | M] -- H:\ProgramData\Win7codecs
[2010/10/25 14:14:34 | 000,000,000 | ---D | M] -- H:\ProgramData\WinZip
[2011/11/18 08:49:47 | 000,000,000 | ---D | M] -- H:\ProgramData\Zylom
[2010/01/20 08:52:11 | 000,000,000 | ---D | M] -- H:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2009/12/26 17:27:07 | 000,000,000 | -HSD | M] -- H:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/04/08 06:43:28 | 000,000,000 | ---D | M] -- H:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/13 09:09:41 | 000,000,000 | -HSD | M] -- H:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/12/04 05:58:12 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> H:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 142 bytes -> H:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 136 bytes -> H:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 128 bytes -> H:\ProgramData\TEMP:5D7E5A8F
< End of report >

Hoffe hab das jetzt richtig eingefügt hier^^

markusg · 27.12.2011, 16:16

hi
hatte mir mal n tag auszeit gegönnt, jetzt gehts weiter

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Janine_ON_H..\Run: [WBhXTAWuFpmNyON] H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKU\Janine_ON_H Winlogon: Shell - (C:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe) - H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
[2011/12/25 11:00:37 | 000,095,744 | ---- | C] (Kassl GmbH) -- H:\Users\Janine\AppData\Roaming\dwlGina3.dll
:Files
H:\Users\Janine\AppData\Roaming\sbcvvhost_win86.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne H: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

ninzie · 27.12.2011, 17:34

ok erstma danke bis hierhin...er wollte zwar neustarten tut es aber nicht..egal? oder was tun?

markusg · 27.12.2011, 17:49

starte mal manuell neu entweder über den otl desktop oder power knopf drücken, dann cd raus und gucken obs läuft

ninzie · 27.12.2011, 17:57

oki rechner soweit oben..allerdings werden keine desktop icons angezeigt und die otl.txt hat er auch nicht geöffnet...

markusg · 27.12.2011, 18:01

hi, mach mal nen rechtsklick, ansicht, symbole einblenden.
dann weiter mit dem upload wie beschrieben.

ninzie · 27.12.2011, 18:10

öffne computer, öffne H: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.

diesen schritt versteh ich nicht ganz...wo finde ich denn die _OTL?
hab kein Verzeichnis H:

muss ich den rechner dann wieder mit der CD starten?

EDIT: nein schon gut habs gefunden^^ lade es grade hoch..ich sag doch ich bin manchmal schwer von kp

markusg · 27.12.2011, 19:51

danke für den upload

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

ninzie · 27.12.2011, 20:37

Hier die Combofix.txt

Code:

ATTFilter

ComboFix 11-12-27.01 - Janine 27.12.2011  20:20:52.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.2596 [GMT 1:00]
ausgeführt von:: c:\users\Janine\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\007d472f.tmp
c:\programdata\008267f8.tmp
c:\programdata\0254ecd9.tmp
c:\programdata\02568042.tmp
c:\programdata\hpe3DCB.dll
c:\users\Janine\AppData\Roaming\.#
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\scm.exe
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-27 bis 2011-12-27  ))))))))))))))))))))))))))))))
.
.
2011-12-27 22:41 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2011-12-27 22:41 . 2011-12-27 17:28	--------	d-----w-	C:\_OTL
2011-12-27 19:26 . 2011-12-27 19:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-27 17:15 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E004DDD7-639F-4D6D-AFCD-E1A07EA97720}\mpengine.dll
2011-12-15 16:39 . 2011-11-24 05:00	3141632	----a-w-	c:\windows\system32\win32k.sys
2011-12-15 16:39 . 2011-10-15 06:25	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 16:39 . 2011-10-15 05:48	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-15 16:39 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-15 16:39 . 2011-11-05 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-14 13:58 . 2011-12-14 13:58	--------	d-----w-	c:\users\Janine\AppData\Roaming\Notepad++
2011-12-14 13:58 . 2011-12-14 13:58	--------	d-----w-	c:\program files (x86)\Notepad++
2011-12-06 17:22 . 2011-12-06 17:24	--------	d-----w-	c:\users\Janine\AppData\Roaming\Origin
2011-12-06 17:22 . 2011-12-06 17:22	--------	d-----w-	c:\users\Janine\AppData\Local\Origin
2011-12-06 17:22 . 2011-12-06 17:24	--------	d-----w-	c:\programdata\Origin
2011-12-06 17:22 . 2011-12-06 17:22	--------	d-----w-	c:\program files (x86)\Origin Games
2011-12-06 17:13 . 2011-12-06 17:13	--------	d-----w-	c:\programdata\EA Core
2011-12-06 17:13 . 2011-12-06 17:13	--------	d-----w-	c:\programdata\Electronic Arts
2011-12-06 17:09 . 2011-12-06 17:09	--------	d-----w-	c:\users\Janine\Destop
2011-12-03 18:28 . 2011-12-03 18:28	--------	d-----w-	c:\programdata\Avanquest
2011-12-03 18:28 . 2011-12-03 18:28	--------	d-----w-	c:\program files (x86)\Avanquest update
2011-12-02 18:13 . 2004-11-16 18:50	--------	d-----w-	c:\windows\SysWow64\Wargasm
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 11:37 . 2011-05-24 08:32	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 18:21 . 2011-10-01 18:21	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:24 . 2011-11-10 14:14	1897328	----a-w-	c:\windows\system32\drivers\tcpip.sys
2007-03-12 17:59 . 2007-03-12 17:59	299008	----a-w-	c:\program files\navigram_register.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-21 01:18	1515688	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Akamai NetSession Interface"="c:\users\Janine\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"ZoneAlarm Client"="d:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
"ControlCenter3"=c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R2 OMSCAN;OMSCAN;Sys??ò?(ibe??ò?.ewo??ò?/ [x]
R2 Secure Content Management;Secure Content Management;c:\windows\system32\scm.exe [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 EpocCamSvc;EpocCamSvc;c:\program files (x86)\EpocCam\EpocCamSvc.exe [2011-03-21 90624]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Janine\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-09-10 40960]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-01 1401672]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-29 19:14]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-29 19:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
"Ocs_SM"="c:\users\Janine\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-09-10 106496]
"combofix"="c:\combofix\CF20593.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3210&r=173612091916p0345v1j5y47m4920r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Save YouTube Video as MP3
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: xfire_lsp_9028.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\jcujpw5y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WBhXTAWuFpmNyON - c:\users\Janine\AppData\Roaming\sbcvvhost_win86.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1374029676-1744045079-474200933-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1374029676-1744045079-474200933-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1374029676-1744045079-474200933-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-27  20:33:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-27 19:33
.
Vor Suchlauf: 14 Verzeichnis(se), 47.094.247.424 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 46.506.635.264 Bytes frei
.
- - End Of File - - 2328400A058DFA037AC47CE8D2B00DF6

markusg · 27.12.2011, 21:18

1. deinstaliere mal spybot, nicht mehr sonderlich zeitgemäß und kann die reinigung stören, pc neustarten.
2.

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

ninzie · 28.12.2011, 02:25

ok hier die log file:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122705

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.12.2011 02:23:00
mbam-log-2011-12-28 (02-23-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 418741
Laufzeit: 1 Stunde(n), 7 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\electronic arts\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Janine\documents\battlefield bad company 2\Crack\rld-bbc2.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\Users\Janine\documents\Setups\battlefield.2_keygen-fff\fff-ea103.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Janine\documents\Setups\tuneup utilities 2009 v.8.0.1210\tuneup utilities 2009 v.8.0.1210\Patch\tune.up.utilities.2009-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
d:\program files (x86)\electronic arts\battlefield bad company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

25.12.2011, 18:17	#2
markusg /// Malware-holic	sbcvvhost_win86 hi, brenne die cd halt an einem sauberen gerät und dann den laptop der infiziert ist mit der gebrannten cd starten :-) __________________ __________________

sbcvvhost_win86

Plagegeister aller Art und deren Bekämpfung: sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

sbcvvhost_win86

Ähnliche Themen: sbcvvhost_win86

27.12.2011, 17:34	#7
ninzie	sbcvvhost_win86 ok erstma danke bis hierhin...er wollte zwar neustarten tut es aber nicht..egal? oder was tun? Geändert von ninzie (27.12.2011 um 17:47 Uhr)

27.12.2011, 17:57	#9
ninzie	sbcvvhost_win86 oki rechner soweit oben..allerdings werden keine desktop icons angezeigt und die otl.txt hat er auch nicht geöffnet...