Hallo Forummitglieder,
wende mich als DAU an Euch und hoffe, dass ich eure Regeln richtig umsetze!
Einmal konntet ihr mir schon helfen. Vielleicht klappts diesmal wieder.
Mein PC ist mit dem "Scheinvirus" Trojan_BNK.Win32.Keylogger.gen befallen, Keine Programme (IE, Outlook, Word,...) lassen sich mehr starten.

Ich werde immer aufgefordert, Vista Internet Security 2012 zu kaufen, um eine ganze Menge Viren, die meinen Computer befallen haben sollen, zu entfernen.

Habe OTL.exe runtergeladen und den Scan wie von euch beschrieben durchgeführt.

Anbei die beiden OTL Berichte:

Extras.txt:

OTL Extras logfile created on: 26.12.2011 21:53:34 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\XXXXXXXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,85% Memory free
6,21 Gb Paging File | 3,85 Gb Available in Paging File | 62,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 356,46 Gb Free Space | 61,34% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,73 Gb Free Space | 18,20% Space Free | Partition Type: FAT32
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 14,83 Gb Total Space | 10,64 Gb Free Space | 71,78% Space Free | Partition Type: FAT32

Computer Name: LISA | User Name: XXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = x1] -- C:\Users\Lisa.Daniel\AppData\Local\ajg.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05695F55-CE99-47ED-82A3-18EF6E22C53D}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F0A0349-D1D5-4A5D-AA9A-48AA26FD2764}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BBDDBB7-3FB1-4CA3-871C-A614A2D03101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D4288AC-6DFB-4528-9966-D0CED3BDBE37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48BF18BF-F960-4990-82B6-8FB890947793}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D277C1F-AC09-4DDD-8C24-403ECD9D3D40}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A6958C9-85CB-4A7B-8169-BA0E111C1A1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{61C988AF-C00E-48E5-9F31-7404501DCE48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67029290-BD54-4D76-8109-BB033DB67B25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6E2C93FB-4E5D-4E12-844A-69C18AD05CE0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7A61E77F-9778-4DB5-BF24-93D6778CA5EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F929178-5C95-43BB-8E81-EEFD5C5415B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{893ABD94-6E4D-4A21-80C8-9738AD96A362}" = rport=137 | protocol=17 | dir=out | app=system |
"{8CD19F8E-13F1-4BF1-9DCD-0BE5A5EC48BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF715999-C363-456F-B4AF-13BFA0DBC736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5E8D8E9-F6A2-483F-86C8-E913BEBF6639}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C61A21CC-2376-4A85-A216-47497FBDEA49}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1AB3A06-85F2-40CE-A8B4-EB43E12276C4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{D3709D06-04E7-4AF8-B469-EAA3A6668869}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBE3A033-A25C-4191-8C10-5C487BB2E645}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDADB6A3-4B10-4A30-AE87-B23C66E931F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6081167-44DE-4EFE-AFF7-32BC67E08E08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E8B3B2D0-F064-4652-94DB-85F25FBAD978}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E96040A5-14C9-4017-8657-50CD65328F68}" = lport=137 | protocol=17 | dir=in | app=system |
"{F80770DE-BE39-44EF-BC76-1E83801F8527}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00988BC0-F7AF-4018-9246-F4EB1B410372}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{01CBE305-18C2-441B-8128-BCE3881F3FCD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{05507330-73EF-4736-B17A-71ECC5892147}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E45F8F1-41C0-4FDA-BB96-FAEB99E50C19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{14CFB545-7191-47F2-A175-2EA124161A27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14D2E712-4E64-479D-AC77-9DB2D28F24AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{181A38B1-7EFD-469F-A51A-D27741F27486}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20CD60AD-086C-409C-B034-774FEFCC8B4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28D901C4-6106-4EB8-891E-383FFDC57625}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30DF6864-A337-4F6A-8429-7746505D219E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3332D803-35AA-4138-A1F9-48C2BE59539B}" = protocol=6 | dir=out | app=system |
"{3D2AD709-85D9-4FD2-8B39-8B309D461FFD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{416159B5-C79E-44A5-AB92-46999D92C896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49A67C06-E80B-4B1E-802D-FE4B625FF4C0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{4AC0BEF2-5394-4BDA-BCF8-AD5C3BC0BDF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52A758BD-5893-4294-86B8-8B8BDF682285}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{54E4C7C8-4F63-4294-8512-CD787E8D825A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67C5DBCB-6F46-4C61-A682-BEC0687C2A91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6914AC2C-64C3-4E81-BF52-B07A7EC5A8FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6ED2D56A-1719-4E69-9C71-C0E8C18D05B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70893ACD-AC3E-41BC-B949-7F58C53D7A0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79F77634-20B7-4D4D-B17A-FDA42DE78C7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A177F3E-7715-4AA7-BF7F-A7E9222ADA8D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{82B114E9-0BCD-4E23-8E4F-2FBFC30E8076}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{8A015514-B380-4C48-B528-25115D6B0765}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8A2731F7-28D6-4B98-BD28-F26BBB381A9F}" = dir=in | app=e:\setup\hpznui01.exe |
"{8F45BA1D-3DD2-4B6F-B10C-867D86BAE4A7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A200B6D6-3024-4500-8EEC-DBF8F34C0690}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ACD32A56-AD10-436F-9C79-0F98394DE7D9}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{AE46D6AF-DFC1-4292-B8D6-3901507946F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B103BAF9-6566-413F-B6C7-CECA35E66A0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B60CC218-5F01-4CE3-871E-C7C8055211C4}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{BC071F55-12E4-4164-A24A-571846BA64DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CAE61E13-9AD5-4495-847D-EA4E24F99D3F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D741D8F0-A3D7-4F3C-8155-5F1E14A83D4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D901F13C-2914-4C23-9750-710EDD210A07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DDB9D600-5179-4C05-BFFC-1487161D1A5D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0981756-0D6B-4A4A-9EFC-286A245B3FCB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E14F1341-1898-4161-8C76-53123EB2F33C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{E37488DB-89CD-4084-98B3-FDBAE62FA4B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED01D1A1-A353-43BA-BBE2-2EFB2FC647F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF76D00B-5E01-409C-ABF6-12A24A9AE784}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F4DDAFE8-1357-435C-AEEE-F5DD1F88AB12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F8339A7C-98C2-44FA-AFCC-AF0FBECD7593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{F933E5A3-DA65-4FF5-BD69-73A36B9A33D6}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{FA65AD54-342B-4393-8D9A-13D2B82AA54B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FCEF50D6-AE8C-490B-97D5-4E29C584DDBE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{436D5EBE-0A9D-49E3-9458-377FACA27AD0}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{82EC7505-26DA-42B8-8C2E-9630896D9DF4}C:\users\lisa.daniel\desktop\server kastner\winscp.exe" = protocol=6 | dir=in | app=c:\users\lisa.daniel\desktop\server kastner\winscp.exe |
"TCP Query User{8802876A-B64B-436B-99DF-6BC4FF5660AA}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{90912156-420E-4272-961D-7B37CB72E260}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{926C958F-230A-4771-8B1F-79122B2AA83E}C:\users\lisa.daniel\desktop\winscp martina\winscp.exe" = protocol=6 | dir=in | app=c:\users\lisa.daniel\desktop\winscp martina\winscp.exe |
"TCP Query User{C37FD311-68C0-4F1E-BFFA-013DE7FC6BCA}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{CE02C243-3A0C-4EA4-BC63-819D35192CE2}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{F2B532D8-70EF-46F0-9C27-5EACD47BFDA2}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{0223D0AC-38E9-4179-8F4D-71A3AC95FCF3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{27F1AD11-8F19-4D9C-9396-648A83630391}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{334E53B6-8C88-483F-8EA3-5298503BDFA6}C:\users\lisa.daniel\desktop\winscp martina\winscp.exe" = protocol=17 | dir=in | app=c:\users\lisa.daniel\desktop\winscp martina\winscp.exe |
"UDP Query User{667CD0D5-3380-46E0-9640-6CE9F78B9D05}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{AF1A7AEA-F762-4BD9-A472-2B7D0B4D066F}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{D4015CCE-0CE7-4D97-A6B0-EF5781DD2CA8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DAA17A6F-B86B-4715-928D-E99D0E0C477B}C:\users\lisa.daniel\desktop\server kastner\winscp.exe" = protocol=17 | dir=in | app=c:\users\lisa.daniel\desktop\server kastner\winscp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{80AC6A5B-DD0D-408E-A442-F8C057EFA44A}" = Rawether
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A58EE8AF-92A3-4B65-B871-AA71962A53A4}" = You and Me 4 CD-ROM
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}" = ACDSee for PENTAX 3.0
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CCleaner" = CCleaner
"Chocolatier" = Chocolatier
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jane's Realty 2_is1" = Jane's Realty 2
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger_Plus Toolbar" = Messenger Plus Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Restaurant Empire II" = Restaurant Empire II
"Royal Envoy™_is1" = Royal Envoy™
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Shop for HP Supplies" = Shop for HP Supplies
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Und nun noch OTL.txt

le created on: 26.12.2011 21:53:34 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\XXXXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,85% Memory free
6,21 Gb Paging File | 3,85 Gb Available in Paging File | 62,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 356,46 Gb Free Space | 61,34% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,73 Gb Free Space | 18,20% Space Free | Partition Type: FAT32
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 14,83 Gb Total Space | 10,64 Gb Free Space | 71,78% Space Free | Partition Type: FAT32

Computer Name: LISA | User Name:XXXXXXX| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Lisa.Daniel\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Defogger.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\XXXXXXXX\AppData\Local\ajg.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)


========== Modules (No Company Name) ==========

MOD - D:\Defogger.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\adc6081b96ada807b858bd7dd6c44b08\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3c0633ebbeacf2d66ef3952b50568479\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b8f8841931a97c3ab2b652f13cfeb295\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\945868a5fd952dcfe3fa4904cbab936a\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7306f4ac763fc6264804397bc22226e8\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9db16bf8a565eaa6bbb182dcd147cfb6\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\18ec39f6cef17c8576736b60e0be5131\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\11a64ded5d210891688bdef1c54c26e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\968981974b267a245b7b78393836df5a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\34b8c9534065b074e4e5228f40310e13\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\404a37992b5c2de07993795fb48dfc65\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Lisa.Daniel\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Programme\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Programme\Logitech\Vid HD\SDL.dll ()
MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Programme\Common Files\LogiShrd\LvApi11\LvApi11.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Programme\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Programme\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()


========== Win32 Services (SafeList) ==========

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech Webcam 500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NETGEARUHUB) -- C:\Windows\System32\drivers\NETGEARUHUB.sys (SerComm)
DRV - (NETGEARUHOST) -- C:\Windows\System32\drivers\NETGEARUHOST.sys (SerComm)
DRV - (NETGEARUCOMP) -- C:\Windows\System32\drivers\NETGEARUCOMP.sys (SerComm)
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.19 12:02:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.19 12:02:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.08.28 20:30:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Toolbar) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - C:\Programme\Messenger_Plus\prxtbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Lisa.Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7606793A-BB19-49AE-B3F3-41B45FED3179}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B84594-FC55-49AE-825B-BCA5D2990B10}: NameServer = 195.34.133.21,195.34.133.22
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lisa.Daniel\AppData\Roaming\ACD Systems\ACDSee\ACD Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Lisa.Daniel\AppData\Roaming\ACD Systems\ACDSee\ACD Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.16 05:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d8bba5cc-b4c9-11de-aa25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = x1] -- "C:\Users\Lisa.Daniel\AppData\Local\ajg.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011.12.26 21:26:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.12.26 21:26:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.26 21:26:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.26 21:26:53 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.12.26 21:26:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.26 21:26:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.12.26 21:26:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.12.26 21:26:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.12.26 21:26:52 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.12.26 21:26:52 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.26 21:26:52 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.26 21:26:52 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.12.26 21:26:52 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.12.26 21:26:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.26 21:26:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.26 21:26:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.26 21:26:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.26 21:26:51 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.26 21:26:51 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.26 21:26:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.26 21:26:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.12.26 21:26:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.12.26 21:26:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.12.26 21:26:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.26 21:26:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.26 21:26:50 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.26 21:26:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.12.26 21:26:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.12.26 21:26:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.26 21:26:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.26 21:26:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.12.26 21:26:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.12.26 21:26:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.12.26 21:26:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.26 21:26:50 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.12.26 21:26:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.26 21:26:49 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.12.26 19:56:52 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Users\Lisa.Daniel\AppData\Local\ajg.exe
[2011.12.26 19:34:44 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{8EBF900B-26E0-4E68-8802-DC217D6E7F24}
[2011.12.26 19:34:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{B9951FE2-C89B-4809-BF3D-ADF780A6BF6F}
[2011.12.25 19:00:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{8737F213-AA94-4BEB-85FF-FEC2212349D2}
[2011.12.25 19:00:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{3396E23C-1396-47EB-870B-1530919D582F}
[2011.12.21 15:43:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{E232D97D-2ABA-40FF-B988-0258F18F2324}
[2011.12.21 15:43:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{FA9601C8-12EA-4F79-AEE6-24415B77FDF2}
[2011.12.18 18:32:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{0CC4AF84-5E76-4979-8F1C-C82EA2B7D9F4}
[2011.12.18 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{416D8D98-8E0F-4DF2-8EA4-F56F95AF6BFD}
[2011.12.16 15:13:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{CE1A89CC-66E2-46C4-93A6-C416E19F7311}
[2011.12.16 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{B669AA1C-6DA9-435A-AAA9-36CD0D5E0FDA}
[2011.12.15 14:51:29 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.15 14:51:29 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.15 14:51:27 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 14:51:26 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.15 14:51:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.15 14:51:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.13 18:57:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{25DB5C77-BB8B-4CBE-959B-45482D575096}
[2011.12.13 18:56:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{8F35E9BD-F76E-485B-81E3-F43714EA8E9D}
[2011.12.13 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{1BEBB1FF-BDD2-477F-8D63-B8DC5B90DE03}
[2011.12.13 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{EB3074E8-B658-414D-9A7F-603F24541FBD}
[2011.12.09 17:02:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{157D1DDC-64DA-4424-811F-1E2B92FFCCA2}
[2011.12.09 17:02:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{0EF90309-251B-4339-B9E5-297D5227372C}
[2011.12.09 16:50:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{0DFA5194-05B3-47FA-A970-BF08BBFF0AD0}
[2011.12.09 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{2E448198-B33C-49A0-B5D6-9E09AF7A6A36}
[2011.12.08 19:08:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{2B37E358-E0D1-43DF-86FA-74D89D423843}
[2011.12.08 19:08:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{072F3E2D-DA29-44C0-BD23-9A1C008D0C48}
[2011.12.08 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{5D02E47D-8895-440F-B0B6-9F8F4148A571}
[2011.12.03 13:03:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{3A750BDD-2CD5-4F7B-AE5E-B7F99696C249}
[2011.12.03 13:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{B76ABAE1-AB29-43D4-A8DB-97DAFCFA4A66}
[2011.12.02 14:45:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{714F7CD5-3737-467C-8BDE-AB3FC91C7C17}
[2011.12.02 14:44:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{37A57628-5ACB-4381-BC42-58BA6753DA63}
[2011.12.01 19:54:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{65BD1F10-AA53-44A2-A6F5-C63616EEE775}
[2011.12.01 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa.Daniel\AppData\Local\{763E561A-08D9-442F-90FB-298AE05B8799}

========== Files - Modified Within 30 Days ==========

[2011.12.26 21:43:14 | 000,000,000 | ---- | M] () -- C:\Users\Lisa.Daniel\defogger_reenable
[2011.12.26 21:30:54 | 000,086,525 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.26 21:30:48 | 000,013,070 | -HS- | M] () -- C:\Users\Lisa.Daniel\AppData\Local\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x
[2011.12.26 21:30:48 | 000,013,070 | -HS- | M] () -- C:\ProgramData\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x
[2011.12.26 21:30:44 | 000,086,525 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.26 21:30:43 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.26 21:29:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 21:29:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 21:29:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.26 21:29:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.12.26 21:29:15 | 3220,447,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.26 21:27:01 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.12.26 21:27:01 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.12.26 21:26:54 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.12.26 21:26:54 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.26 21:26:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.26 21:26:53 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.12.26 21:26:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.26 21:26:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.12.26 21:26:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.12.26 21:26:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.12.26 21:26:52 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.12.26 21:26:52 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.26 21:26:52 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.26 21:26:52 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.12.26 21:26:52 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.12.26 21:26:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.26 21:26:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.26 21:26:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.12.26 21:26:52 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.26 21:26:51 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.26 21:26:51 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.26 21:26:51 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.26 21:26:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.26 21:26:51 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.12.26 21:26:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.12.26 21:26:51 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.12.26 21:26:51 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.26 21:26:50 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.26 21:26:50 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.26 21:26:50 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.12.26 21:26:50 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.12.26 21:26:50 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.26 21:26:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.26 21:26:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.12.26 21:26:50 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.12.26 21:26:50 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.12.26 21:26:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.26 21:26:50 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.12.26 21:26:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.26 21:26:49 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.12.26 21:10:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.26 19:56:52 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa.Daniel\AppData\Local\ajg.exe
[2011.12.26 17:43:22 | 000,000,104 | ---- | M] () -- C:\Users\Lisa.Daniel\Documents\Computer - Verknüpfung.lnk
[2011.12.22 15:03:20 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.22 15:03:20 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.22 15:03:20 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.22 15:03:20 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.16 14:35:38 | 000,430,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.12.26 21:43:14 | 000,000,000 | ---- | C] () -- C:\Users\Lisa.Daniel\defogger_reenable
[2011.12.26 21:26:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.26 19:56:52 | 000,013,070 | -HS- | C] () -- C:\Users\Lisa.Daniel\AppData\Local\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x
[2011.12.26 19:56:52 | 000,013,070 | -HS- | C] () -- C:\ProgramData\2f34s54wg8g45fha41046iv1f8x1xvnb7u71q2k0x
[2011.12.26 17:43:22 | 000,000,104 | ---- | C] () -- C:\Users\Lisa.Daniel\Documents\Computer - Verknüpfung.lnk
[2011.10.25 17:25:19 | 000,000,680 | ---- | C] () -- C:\Users\Lisa.Daniel\AppData\Local\d3d9caps.dat
[2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application Support
[2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Application
[2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applause and Laugher
[2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa.Daniel\AppData\Roaming\Analog Sync
[2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa.Daniel\AppData\Roaming\Analog Swirl
[2011.08.04 11:58:00 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa.Daniel\AppData\Roaming\Analog Pad
[2011.08.04 11:58:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.04 11:58:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.04 11:58:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.04.16 16:08:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.04.16 16:08:25 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.02.13 11:43:46 | 000,020,480 | ---- | C] () -- C:\Users\Lisa.Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.02 16:21:23 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.30 18:01:39 | 001,584,053 | ---- | C] () -- C:\Windows\Restaurant Empire II Uninstaller.exe
[2010.08.03 14:46:09 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.07.07 13:44:56 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.07.07 13:44:30 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.07.07 13:44:20 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.05.19 11:53:30 | 000,225,313 | ---- | C] () -- C:\Windows\hpoins40.dat
[2010.01.22 16:38:50 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.22 16:38:50 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.16 10:49:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.01.16 10:43:03 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.01.16 10:24:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.02 19:43:49 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2009.12.27 12:20:11 | 000,023,239 | ---- | C] () -- C:\Users\Lisa.Daniel\AppData\Roaming\UserTile.png
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.08.11 10:48:47 | 000,000,042 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.08.11 10:47:54 | 000,086,525 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.11 10:47:53 | 000,086,525 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.30 07:19:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.07.29 11:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.29 11:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.29 10:45:55 | 000,014,713 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.07.28 19:36:51 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.28 19:36:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.28 19:36:51 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.28 19:36:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.28 09:49:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.22 11:04:30 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,430,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

========== LOP Check ==========

[2010.01.16 10:29:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\ACD Systems
[2010.08.23 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\Janes Realty2
[2010.08.03 14:46:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\Leadertech
[2011.08.04 12:02:05 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\Nikon
[2011.10.28 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\OpenOffice.org
[2011.10.22 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\Origin
[2011.11.15 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\PhotoScape
[2010.06.02 14:00:23 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\PlayFirst
[2011.04.16 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\Samsung
[2010.08.19 11:01:41 | 000,000,000 | ---D | M] -- C:\Users\Lisa.Daniel\AppData\Roaming\Windows Live Writer
[2011.12.26 21:28:21 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011.12.08 17:23:15 | 000,016,360 | ---- | M] ()(C:\Users\Lisa.Daniel\Documents\Zitate etc ?.docx) -- C:\Users\Lisa.Daniel\Documents\Zitate etc ♥.docx
[2011.12.08 17:23:15 | 000,016,360 | ---- | C] ()(C:\Users\Lisa.Daniel\Documents\Zitate etc ?.docx) -- C:\Users\Lisa.Daniel\Documents\Zitate etc ♥.docx

< End of report >

Hoffe ihr könnt mir bei der Beseitigung dieses Plagegeistes helfen.

VG longrunner 68

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

Hallo Cosinus,

vielen Dank für die rasche Antwort.
Melde mich, wenn die Scans durch sind!
Malwarebytes läuft gerade, Eset kommt nachher dran.
das dauert aber ein bisschen

vlg longrunner68

Hallo nochmal,

anbei der Malwarebytes Log:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4490

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.12.2011 00:07:41
mbam-log-2011-12-27 (00-07-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 371783
Laufzeit: 1 Stunde(n), 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Mit dem ESET Scanner hab ich aber ein Problem.

Ich kann den IE nur ohne Add Ons starten (sonst kommt sofort die Viruswarnung und das Öffnen wird unterdrückt). Wenn ich aber den Scanner ohne AddOns im IE starte, lässt er sich von mir nicht öffnen (Das Startbild wird nicht geladen). Hoffe das ist verständlich beschrieben.

Kannst Du trotzdem helfen?

VG longrunner68

Zitat:

Kannst Du trotzdem helfen?

Ja. Du hast eine völlig veraltete Version von Malwarebytes verwendet.
Lad das Setup von Malwarebytes neu runter, installier es und denk nochmal an ein Signaturupdate. Dann einen Vollscan wiederholen.

Vielen Dank Arne
und sorry, dass ich dich mit einem alten Log von Malware unnötig beschäftigt habe.
Habe malware auf dem infizierten PC jetzt aktualisiert und der Vollscan läuft gerade.
Zwei Fragen bevor ich etwas falsch mache:
1)soll ich infizierte dateien sofort bereinigen oder dir vorab die log datei schicken?
2) soll ich die AdOns, die du geschickt hast alle installieren? Oder erst auf deine Antwort zu dem Malware Scan warten?

Vielen Dank nochmal für die Unterstützung
Robert
longrunner 68

Hallo,

anbei der log von malwarebytes

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7622

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.12.2011 13:47:09
mbam-log-2011-12-27 (13-47-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 411625
Laufzeit: 1 Stunde(n), 24 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\Users\xxxx\AppData\Local\ajg.exe (Trojan.ExeShell.Gen) -> 5632 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\xxxxx\AppData\Local\ajg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxxxx\AppData\Local\ajg.exe (Trojan.ExeShell.Gen) -> Delete on reboot.
         

schaut für einen laien wie mich eigentlich ganz gut aus.

Habt ihr noch tipps für mich?

vlg robert
longrunner68

Zitat:

Datenbank Version: 7622

Nööö
Du hast zwar Malwarebytes' Programmversion aktuell aber nicht die Signaturen. Das musst du machen und danach darfst du den Vollscan erneut wiederholen.

Hallo Arne,

in meinem ersten Eintrag hab ich ja mich ja als DAU geoutet. Jetzt weißt Du ja, dass ich nicht untertrieben habe.....

aber jetzt hab ichs....hoffe ich

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122703

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.12.2011 20:27:20
mbam-log-2011-12-27 (20-27-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 413682
Laufzeit: 1 Stunde(n), 19 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (w5Y) Good: (exefile) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\lisa.daniel\AppData\Local\Temp\kna0.9973328309673872.exe
         

Vielleicht noch eine Info:

Nach dem Neustart nach dem letzten Scan waren die meisten Probleme schon beseitigt: eine Sache war aber noch lästig: alle Programme (bis auf IE) haben sich nur "als Administrator" öffnen lassen.

Bin schon gespannt wie´s weitergeht.

VG Robert

ESET solltest du auch scannen lassen

Hallo Arne,

hab den ESET Scan durchlaufen lassen.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Mehr war in der log.txt nicht

Ist das so korrekt?

VG Robert

Du hast mit Sicherheit das hier überlesen:

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

OK Arne, Du hattest recht

jetzt das ESET log

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8d12110cf020d044ba94098aab022e1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 05:13:31
# local_time=2011-12-29 06:13:31 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=256 16777215 100 0 63163780 63163780 0 0
# compatibility_mode=1797 16775165 100 94 26507 100687885 76876 0
# compatibility_mode=5892 16776573 100 100 4151 162705306 0 0
# compatibility_mode=8192 67108863 100 0 84669 84669 0 0
# scanned=249657
# found=2
# cleaned=0
# scan_time=6233
C:\Users\Lisa.Daniel\AppData\Local\Temp\~!#5E8B.tmp	a variant of Win32/Injector.MPH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Lisa.Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3a56555c-4cef8da5	a variant of Win32/Kryptik.YEO trojan (unable to clean)	00000000000000000000000000000000	I
         

aber beim 2. anlauf mach ich immer alles richtig - oder?

vg robert

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Glaub das hab ich

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 29.12.2011 23:44:16 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = c:\Users\xxxxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,97% Memory free
6,21 Gb Paging File | 4,23 Gb Available in Paging File | 68,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 354,49 Gb Free Space | 61,00% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,73 Gb Free Space | 18,20% Space Free | Partition Type: FAT32
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 14,83 Gb Total Space | 10,64 Gb Free Space | 71,78% Space Free | Partition Type: FAT32
 
Computer Name: xxxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\xxxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
         

Bin schon gespannt wie´s weitergeht

VG Robert Dau