HiJackFree findet einige suspekte Einträge

Durango · 06.03.2012, 19:44

Hier das Logfile:
HiJackFree Logfile v4.5
Scan gespeichert um 19:38:10, am 06.03.2012
Betriebssystem: Windows Vista32 Service Pack 2 (Windows NT 6.0.6002)
MSIE: Internet Explorer v 9.0 Service Pack 2 (9.0.8112.16421)

Aktive Prozesse:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\VSSVC.exe
C:\Program Files\Emsisoft HiJackFree\a2HiJackFree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O7 - Regedit - Aktiv
O8 - Extra Kontextmenü Eintrag: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - C:\Program Files\Internet Explorer\Custom\eBay.ico
O9 - Extra "Tools" menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - C:\Program Files\Internet Explorer\Custom\eBay.ico
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra "Tools" menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra "Tools" menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFBAR.ICO
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O10 - Unbekannte Winsock LSP Datei: C:\Windows\system32\wpclsp.dll
O14 - IERESET.INF: SearchAssistant=
O14 - IERESET.INF: CustomizeSearch=
O21 - ShellServiceObjectDelayLoad: WebCheck -
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\Windows\system32\browseui.dll
O23 - Dienst: Emsisoft Anti-Malware 6.0 - Service - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Dienst: Anwendungserfahrungdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Gatewaydienst auf Anwendungsebene - C:\Windows\System32\alg.exe
O23 - Dienst: Anwendungsinformationsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Dienst: Windows-Audiodienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Windows-Audiodienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Intelligenter Hintergrundübertragungsdienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Dienst "Bonjour" - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Dienst: Computersuchdienst-DLL - C:\Windows\System32\svchost.exe
O23 - Dienst: Microsoft Smartcard-Zertifikatpropagierungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Dienst: Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
O23 - Dienst: COMSysApp - C:\Windows\system32\dllhost.exe
O23 - Dienst: Kryptografiedienste - C:\Windows\system32\svchost.exe
O23 - Dienst: DFSR - C:\Windows\system32\DFSR.exe
O23 - Dienst: DHCP Clientdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: DNS-Client-API-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Dienst für automatische Konfiguration verkabelter Netzwerke - C:\Windows\system32\svchost.exe
O23 - Dienst: Microsoft EAPHost-Dienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Windws Media Center-Empfängerdienst - C:\Windows\ehome\ehRecvr.exe
O23 - Dienst: Windows Media Center-Planerdienst - C:\Windows\ehome\ehsched.exe
O23 - Dienst: Startprogramm für Windows Media Center - C:\Windows\\system32\svchost.exe
O23 - Dienst: ReadyBoost-Dienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Ereignisprotokollierungsdienst - C:\Windows\System32\svchost.exe
O23 - Dienst: EventSystem - C:\Windows\system32\svchost.exe
O23 - Dienst: WS-Suchdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Dienst zur Funktionssuche-Ressourcenveröffentlichung - C:\Windows\system32\svchost.exe
O23 - Dienst: Windows-Dienst für Schriftartencache - C:\Windows\system32\svchost.exe
O23 - Dienst: Windows Presentation Foundation-Host - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Dienst: Google Update Service (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Dienst: Google Update-Dienst (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Dienst: HID-Dienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Schlüsselverwaltungsdienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Dienst: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Dienst: IKE-Erweiterung - C:\Windows\system32\svchost.exe
O23 - Dienst: PnP-X-IP-Busauflistungs-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Dienst, der IPv6-Konnektivität über ein IPv4-Netzwerk bietet. - C:\Windows\System32\svchost.exe
O23 - Dienst: iPod-Dienst - C:\Program Files\iPod\bin\iPodService.exe
O23 - Dienst: KeyIso - C:\Windows\system32\lsass.exe
O23 - Dienst: KtmRm - C:\Windows\System32\svchost.exe
O23 - Dienst: Serverdienst-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Arbeitsstationsdienst-DLL - C:\Windows\System32\svchost.exe
O23 - Dienst: Ressourcen für Verbindungsschicht-Topologieerkennung - C:\Windows\System32\svchost.exe
O23 - Dienst: TCPIP-NetBios-Transportdienste-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Media Center-Ressourcen - C:\Windows\system32\svchost.exe
O23 - Dienst: Multimediaklassen-Planungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Windows-Firewall-API - C:\Windows\system32\svchost.exe
O23 - Dienst: MSDTC - C:\Windows\System32\msdtc.exe
O23 - Dienst: iSCSI-Ermittlungs-API - C:\Windows\system32\svchost.exe
O23 - Dienst: Internationale Meldungen für Windows® Installer - C:\Windows\system32\msiexec
O23 - Dienst: Microsoft Antimalware Service - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
O23 - Dienst: Quarantäne-Agent-Dienstlaufzeit - C:\Windows\System32\svchost.exe
O23 - Dienst: Nero BackItUp Scheduler 3 - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Dienst: Anmeldedienst-DLL - C:\Windows\system32\lsass.exe
O23 - Dienst: Netzwerkverbindungs-Manager - C:\Windows\System32\svchost.exe
O23 - Dienst: Benutzeroberfläche zur Netzwerkprofilverwaltung - C:\Windows\System32\svchost.exe
O23 - Dienst: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Dienst: Definitionsupdatebeschreibungen - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
O23 - Dienst: NLA (Network Location Awareness) 2 - C:\Windows\System32\svchost.exe
O23 - Dienst: NMIndexingService - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Dienst: Netzwerkspeicherschnittstellen-RPC-Server - C:\Windows\system32\svchost.exe
O23 - Dienst: NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
O23 - Dienst: Microsoft Office Diagnostics Service - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Dienst: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Dienst: Peer-zu-Peer-Dienste - C:\Windows\System32\svchost.exe
O23 - Dienst: Peer-zu-Peer-Dienste - C:\Windows\System32\svchost.exe
O23 - Dienst: Programmkompatibilitäts-Assistent-Dienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Leistungsprotokolle und -warnungen - C:\Windows\System32\svchost.exe
O23 - Dienst: PLFlash DeviceIoControl Service - C:\Windows\system32\IoctlSvc.exe
O23 - Dienst: Plug & Play-Dienst (Benutzermodus) - C:\Windows\system32\svchost.exe
O23 - Dienst: Peer-zu-Peer-Dienste - C:\Windows\System32\svchost.exe
O23 - Dienst: Peer-zu-Peer-Dienste - C:\Windows\System32\svchost.exe
O23 - Dienst: Richtlinienspeicher-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: ProfSvc - C:\Windows\system32\svchost.exe
O23 - Dienst: Standardanbieter für den geschützten Speicher - C:\Windows\system32\lsass.exe
O23 - Dienst: ProtexisLicensing - C:\Windows\system32\PSIService.exe
O23 - Dienst: Windows NT - C:\Windows\\system32\svchost.exe
O23 - Dienst: RAS-Verwaltung für automatisches Wählen - C:\Windows\system32\svchost.exe
O23 - Dienst: RAS-Verbindungsverwaltung - C:\Windows\system32\svchost.exe
O23 - Dienst: Dynamischer Schnittstellen-Manager - C:\Windows\system32\svchost.exe
O23 - Dienst: RemoteRegistry - C:\Windows\system32\svchost.exe
O23 - Dienst: Cyberlink RichVideo Service(CRVS) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Dienst: Rpc Locator - C:\Windows\system32\locator.exe
O23 - Dienst: Sandboxie Service - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Dienst: Smartcard-Ressourcenverwaltungsserver - C:\Windows\system32\svchost.exe
O23 - Dienst: Aufgabenplanungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Microsoft Smartcard-Zertifikatpropagierungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Microsoft® Windows-Sicherungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Secunia PSI Agent - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Dienst: Secunia Update Agent - C:\Program Files\Secunia\PSI\sua.exe
O23 - Dienst: Benachrichtigungsdienst für Systemereignisse - C:\Windows\system32\svchost.exe
O23 - Dienst: Terminaldienstekonfigurationdienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Microsoft NAT-Hilfskomponenten - C:\Windows\System32\svchost.exe
O23 - Dienst: Windows-Shelldienste-DLL - C:\Windows\System32\svchost.exe
O23 - Dienst: Skype Updater - C:\Program Files\Skype\Updater\Updater.exe
O23 - Dienst: Microsoft-Softwarelizenzierungsdienst - C:\Windows\system32\SLsvc.exe
O23 - Dienst: Software-Benutzerschnittstellen-Benachrichtigungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: SNMP-Trap - C:\Windows\System32\snmptrap.exe
O23 - Dienst: SSDP-Dienst-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Ermöglicht die Verwendung von SSTP (Secure Socket Tunneling-Protokoll), um eine Verbindung mit Remotecomputern herzustellen (über VPN). - C:\Windows\system32\svchost.exe
O23 - Dienst: Digitalbildgerätedienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Softwareanbieter für Microsoft® Volumeschattenkopie-Dienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Superfetch-Diensthost - C:\Windows\system32\svchost.exe
O23 - Dienst: Microsoft Tablet PC-Eingabedienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Microsoft(R) Windows(R) Telefonieserver - C:\Windows\System32\svchost.exe
O23 - Dienst: TBS-Dienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Terminalserver-Remoteverbindungs-Manager - C:\Windows\System32\svchost.exe
O23 - Dienst: Windows-Shelldienste-DLL - C:\Windows\System32\svchost.exe
O23 - Dienst: Multimediaklassen-Planungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Erkennung interaktiver Dienste - C:\Windows\system32\UI0Detect.exe
O23 - Dienst: UPnP-Gerätehost - C:\Windows\system32\svchost.exe
O23 - Dienst: Messenger USN Journal Reader-Service für freigegebene Ordner - C:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Dienst: Desktopfenster-Manager - C:\Windows\System32\svchost.exe
O23 - Dienst: Virtueller Datenträgerdienst - C:\Windows\System32\vds.exe
O23 - Dienst: Microsoft® Volumeschattenkopie-Dienst - C:\Windows\system32\vssvc.exe
O23 - Dienst: Windows-Zeitdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Windows-Sofortverbindung - Konfigurationsregistrierungsstellendienst - C:\Windows\System32\svchost.exe
O23 - Dienst: WcsPlugInService-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Web DAV-Dienst-DLL - C:\Windows\system32\svchost.exe
O23 - Dienst: Ereignissammlungsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Problemberichte und -lösungen - C:\Windows\System32\svchost.exe
O23 - Dienst: Windows-Fehlerberichterstattungsdienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Ressourcenmodul - C:\Windows\System32\svchost.exe
O23 - Dienst: Windows HTTP-Dienste - C:\Windows\system32\svchost.exe
O23 - Dienst: WMI - C:\Windows\system32\svchost.exe
O23 - Dienst: WSMan-Dienst - C:\Windows\System32\svchost.exe
O23 - Dienst: DLL für den automatischen Windows-WLAN-Konfigurationsdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: Windows Live Setup Service - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Dienst: Adapter für den WMI-Leistungsreverseadapter - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Dienst: Windows Media Player-Netzwerkfreigabedienst - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Dienst: Jugendschutz - C:\Windows\system32\svchost.exe
O23 - Dienst: Enumerator für tragbare Geräte - C:\Windows\system32\svchost.exe
O23 - Dienst: wpffontcache_v0400.exe - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Dienst: Windows-Sicherheitscenterdienst - C:\Windows\System32\svchost.exe
O23 - Dienst: Microsoft Windows Search-Indexerstellung - C:\Windows\system32\SearchIndexer.exe
O23 - Dienst: Windows Update-Agent - C:\Windows\system32\svchost.exe
O23 - Dienst: Windows Driver Foundation - Benutzermodus-Treiberframeworkdienst - C:\Windows\system32\svchost.exe
O23 - Dienst: X10 Device Network Service - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Ich hoffe ihr könnt mir sagen ob mein Pc sauber ist.
Im Anhang ist die Auswertung von Emisoft.

cosinus · 07.03.2012, 01:05

Bitte beachten

=> http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

Durango · 07.03.2012, 12:35

Ist kein HijackThis sonder Hijackfree von Emisoft
Die schritte werde ich dann heute abarbeiten
danke schon mal im voruas

cosinus · 07.03.2012, 12:47

Zitat:

Ist kein HijackThis sonder Hijackfree von Emisoft

Das ist völlig irrelevant, denn die Logs von HJT und HiJackFree sind zu oberflächlich
Und hier steht auch nirgends, dass man ungefragt irgendwelche Logs von HiJackFree posten soll

Durango · 07.03.2012, 13:50

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Chef at 13:42:20 on 2012-03-07
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tim\Downloads\Desktop\dds.com
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
uDefault_Page_URL = hxxp://www.aldi.com/
mDefault_Page_URL = hxxp://www.aldi.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
mRun: [<NO NAME>]

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Deutsch
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series Benutzerregistrierung
Canon MP560 series MP Drivers
Canon Utilities My Printer
CCleaner
Compatibility Pack für 2007 Office System
Corel MediaOne
CorelDRAW Essential Edition 3
CyberLink MediaShow
CyberLink PhotoNow
CyberLink PowerDirector
CyberLink PowerDVD
CyberLink PowerProducer
CyberLink YouCam
DE
Defraggler
devolo dLAN-Konfigurationsassistent
devolo dLAN Wireless extender Konfiguration
devolo EasyShare
devolo Informer
Dolby Control Center
Emsisoft Anti-Malware
GIMP 2.6.11
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
MakeDisc
Malwarebytes Anti-Malware Version 1.60.1.1000
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 de)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Drivers
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.93
Sandboxie 3.64 (32-bit)
Secunia PSI (2.0.0.4002)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype™ 5.8
swMSM
Synaptics Pointing Device Driver
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update Manager
VCRedistSetup
Windows Live Anmelde-Assistent
Windows Live Fotogalerie
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
WinRAR
X10 Hardware(TM)
.
==== End Of File ===========================

Defogger habe ich auch gemacht.
Mit GMER hatte ich Probleme soll ich es nochmal versuchen?

cosinus · 07.03.2012, 14:43

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Durango · 07.03.2012, 14:49

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-07 14:43:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD32 rev.11.0
Running: oqv7w04i.exe; Driver: C:\Users\Chef\AppData\Local\Temp\pfdcipow.sys

---- System - GMER 1.0.15 ----

Code A134FBFC ZwTraceEvent
Code A134FBFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 82839326 2 Bytes JMP A134FC00
.text ntkrnlpa.exe!NtTraceEvent + 3 82839329 2 Bytes [B1, 1E] {MOV CL, 0x1e}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CE00320, 0x3F7257, 0xE8000020]
.text win32k.sys!EngTransparentBlt + 8C05 980F2429 5 Bytes JMP A134F980
.text win32k.sys!XFORMOBJ_iGetXform + 456B 980FFF2C 5 Bytes JMP A134F5C0
.text win32k.sys!XFORMOBJ_iGetXform + 70E6 98102AA7 5 Bytes JMP A134F700
.text win32k.sys!EngGradientFill + 60DE 9814341D 5 Bytes JMP A134F8E0
.text win32k.sys!EngMulDiv + 4D41 98149D70 5 Bytes JMP A134F660
.text win32k.sys!EngMulDiv + 8C2C 9814DC5B 5 Bytes JMP A134F520
.text win32k.sys!EngStrokePath + 5FF 981570F4 5 Bytes JMP A134FA20
.text win32k.sys!EngAlphaBlend + 8893 9816E3C0 5 Bytes JMP A134F3E0
.text win32k.sys!EngAlphaBlend + 9B1D 9816F64A 5 Bytes JMP A134F480
.text win32k.sys!STROBJ_vEnumStart + 4728 98186DA9 5 Bytes JMP A134FAC0
.text win32k.sys!CLIPOBJ_bEnum + 24A 981AABC4 5 Bytes JMP A134F840
.text win32k.sys!EngLineTo + A0F 981CCC07 5 Bytes JMP A134F7A0
.text win32k.sys!EngLineTo + DCF7 981D9EEF 5 Bytes JMP A134FB60

da oben ist GMER hat beim zweiten mal geklappt werde jetzt die anderen punkte abarbeiten

cosinus · 07.03.2012, 15:05

Und die Logs beim nächsten Mal in CODE-Tags posten!

Durango · 07.03.2012, 16:15

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.07.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chef :: ***-PC-HOME [Administrator]

07.03.2012 14:53:47
mbam-log-2012-03-07 (14-53-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 408867
Laufzeit: 1 Stunde(n), 14 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.27.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chef :: ***-PC-HOME [Administrator]

27.02.2012 16:32:36
mbam-log-2012-02-27 (16-32-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 405451
Laufzeit: 1 Stunde(n), 13 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7982

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

19.10.2011 19:32:20
mbam-log-2011-10-19 (19-32-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 354832
Laufzeit: 1 Stunde(n), 1 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Mal ne Frage warum steht in dem log administrator obwohl ich mit einem eingeschränkten benutzerkonto arbeite?
Oder ist es weil ich den scan als admin gemacht habe?
eset läuft
Aber es gab ein probleme da stand windows defender ist eingeschaltet obwohl er deaktiviert war/ist.
Das war auch ein Problem von mir denn der ließ sich nicht einschalten.

Durango · 07.03.2012, 18:23

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d98380436d6c09428952f5dc30247434
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-07 05:08:05
# local_time=2012-03-07 06:08:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 81778 168666933 0 0
# compatibility_mode=8192 67108863 100 0 4226 4226 0 0
# scanned=181585
# found=0
# cleaned=0
# scan_time=5880

Das mit dem Text über Ausführen hat nicht geklappt, habe es daher von Hand gesucht.Ich hoffe das macht nichts.
Und wie siehts momentan aus?
Falls es relevant wäre sind die letzten mir in Erinnerung gebliebenen Viren auf meinem Pc Smitfraud -c und Trojan Spyeyes .Dies war aber vor einem halben Jahr ca.

Laut Hijackfree habe ich Rogue Software und einen Trojaner , welche sich als Windows Defender ausgeben.
Aber du hast ja schon gesagt das Programm arbeitet nur oberflächlich.

cosinus · 07.03.2012, 22:35

Alles unauffällig
Nimm mal nicht alles ernst was in sog. "Hijackthis/HIjackFree" Logs so drinsteht
Was genau ist an Problemen offen? Warum genau hast du Logs erstellt?

Zitat:

Laut Hijackfree habe ich Rogue Software und einen Trojaner , welche sich als Windows Defender ausgeben.

Und wieso muss ich erraten welchen Eintrag du da meinst?

Durango · 08.03.2012, 07:03

Also der Windows Defender lässt sich nicht aktivieren.
Wenn ich Dateien suche oder ein Antivirenprogramm oder ähnliches öffne geht die cpu Auslastung auf 100%.
Un ich wurde letztens auf eine Filehosting Seite umgeleitet.
Und die Prozesse wechseln andauernd. Mal sind beim Systemstart 50 mal 44.
Die Auswetung von Hijackfree poste ich heute Nachmittag

cosinus · 08.03.2012, 10:42

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Durango · 08.03.2012, 16:35

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.03.2012 16:02:58 - Run 1
OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\***\Downloads\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,25 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 56,66% Memory free
4,71 Gb Paging File | 3,76 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 211,35 Gb Free Space | 74,88% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 5,33 Gb Free Space | 33,74% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC-HOME | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.08 16:00:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\Desktop\OTL.exe
PRC - [2012.02.06 13:24:20 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.02.06 13:24:18 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security 

Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security 

Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security 

Client\Antimalware\MsMpEng.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media 

Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media 

Player\wmpnscfg.exe
PRC - [2006.11.02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program 

Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.06 13:24:18 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program 

Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.01.22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\Emsisoft 

Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.07.29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe 

-- (Secunia PSI Agent)
SRV - [2011.07.29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe 

-- (Secunia Update Agent)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program 

Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft 

Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- 

(IJPLMSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows 

Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- 

(ProtexisLicensing)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Programme\Common Files\X10

\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] --  -- (MpKsl27788c8f)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (EagleXNt)
DRV - [2012.02.06 13:24:16 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- 

C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- 

C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- 

C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 

C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32

\drivers\psi_mf.sys -- (PSI)
DRV - [2010.08.12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010.08.12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- 

C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 

C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.09.29 21:29:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.25 08:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- 

C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2008.09.05 12:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.25 02:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 17:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32

\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 

C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- 

C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.02.07 16:57:20 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32

\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- 

C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}

&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

hxxp://www.aldi.com/
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

hxxp://www.google.de/
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID 

value found
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-

B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{021186AE-E959-4792-BA57-92875F35CD63}: "URL" = 

hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{4964498B-0F3A-49AC-813F-EBD0755CF702}: "URL" = 

hxxp://suche.lycos.de/cgi-bin/pursuit?query={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 

hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe=

{outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{9341FA50-1FB8-4D53-B22D-C41D1C607EB0}: "URL" = 

hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}

&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9cc45af8-0108-46c1-8bdf-ce96f295e433&apn_sauid=CCFED42C-A2F0-

433F-8766-9813CB77E75F
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{9AFF167F-708D-429D-9A9C-E7BB4A91CA01}: "URL" = 

hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{AD01FD83-36F1-4E1E-869F-17063F2DD47A}: "URL" = 

hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{B034B203-E14A-40AA-AD2F-6A8F2A61AB4E}: "URL" = 

hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{D1A7FCFE-5F16-4535-83AA-44CE6725DF25}: "URL" = 

hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\SearchScopes\{EEFB3302-44E5-45B4-93F7-429391EA3FB7}: "URL" = 

hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyEnable" = 0
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

hxxp://www.aldi.com/
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

hxxp://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID 

value found
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-

B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 

hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe=

{outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes\{9341FA50-1FB8-4D53-B22D-C41D1C607EB0}: "URL" = 

hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}

&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9cc45af8-0108-46c1-8bdf-ce96f295e433&apn_sauid=CCFED42C-A2F0-

433F-8766-9813CB77E75F
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes\{9AFF167F-708D-429D-9A9C-E7BB4A91CA01}: "URL" = 

hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes\{AD01FD83-36F1-4E1E-869F-17063F2DD47A}: "URL" = 

hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\SearchScopes\{D1A7FCFE-5F16-4535-83AA-44CE6725DF25}: "URL" = 

hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyEnable" = 0
IE - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 

"ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, 

Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, 

Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0

\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows 

Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99

\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99

\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla 

Firefox\components [2012.02.23 16:18:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins 

[2012.01.24 15:23:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program 

Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program 

Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.12.27 11:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.02.25 15:04:41 | 000,000,000 | ---D | M] (No name found) -- 

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\t7crmq12.default\extensions
[2011.05.17 12:12:44 | 000,002,333 | ---- | M] () -- 

C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\t7crmq12.default\searchplugins\askcom.xml
[2012.03.03 18:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.03 18:49:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000

-0031-ABCDEFFEDCBA}
[2012.02.23 16:18:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 

firefox\components\browsercomps.dll
[2012.03.03 18:49:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla 

firefox\plugins\npdeployJava1.dll
[2012.02.23 16:17:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.23 16:17:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.23 16:17:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.23 16:17:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 16:17:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 16:17:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.02 19:28:58 | 000,441,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15181 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun 

Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft 

shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-

009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-

4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-

4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe 

(SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe 

(Microsoft Corporation)
O7 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 

NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 

LogonHoursAction = 2
O7 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 

DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 

NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 

LogonHoursAction = 2
O7 - HKU\S-1-5-21-2913689183-3215750361-1296766834-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 

DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft 

Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - 

hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-

25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows 

Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - 

C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12

\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft 

Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11

\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java 

Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java 

Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java 

Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java 

Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F601577A-DCC5-4A71-819A-37B3068B271B}: DhcpNameServer = 

192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows 

Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole 

DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole 

DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft 

shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft 

shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows 

Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web 

Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web 

Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll 

(Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll 

(Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11

\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0d9abf38-d0c9-11dd-8286-002220032172}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{46dffdd1-c1c9-11df-a778-002220032172}\Shell\AutoRun\command - "" = F:\bootcd\wintools\autorun.exe
O33 - MountPoints2\{46dffdf5-c1c9-11df-a778-002220032172}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - 

C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe 

Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application 

Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: avgnt - hkey= - key= -  File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Programme\Canon\Canon IJ Network Scan 

Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe 

(Sun Microsystems, Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe 

(CyberLink Corp.)
MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program 

Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program 

Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%

\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32

\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 16:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.06 15:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.03.06 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.03.06 15:26:57 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.03.06 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.03.06 14:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.02.26 16:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.26 16:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.26 16:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.25 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.25 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.02.25 15:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.25 15:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.25 14:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.02.18 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.08 16:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-

EB211B637804}.job
[2012.03.08 15:58:37 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.08 15:58:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-

A289-439d-8115-601632D005A0
[2012.03.08 15:58:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-

A289-439d-8115-601632D005A0
[2012.03.08 15:58:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.08 15:58:12 | 2414,145,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 18:52:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 18:44:59 | 000,070,673 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.07 13:41:56 | 000,001,976 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.03.07 13:36:18 | 000,000,000 | ---- | M] () -- C:\Users\Chef\defogger_reenable
[2012.03.06 19:44:06 | 000,000,108 | ---- | M] () -- C:\index.ini
[2012.03.06 15:57:13 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.03.02 19:28:58 | 000,441,607 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.01 17:02:50 | 000,277,245 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache
[2012.03.01 17:02:17 | 000,233,252 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache
[2012.03.01 16:44:53 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.02.27 16:26:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.25 13:57:09 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.25 13:57:09 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.25 13:57:09 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.25 13:57:09 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.15 15:50:38 | 000,362,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\Chef\*.tmp files -> C:\Users\Chef\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.07 13:36:18 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.03.06 16:00:40 | 000,000,108 | ---- | C] () -- C:\index.ini
[2012.03.06 15:57:13 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.03.06 14:26:28 | 000,001,976 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.01 17:02:50 | 000,277,245 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.03.01 17:02:17 | 000,233,252 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.03.01 16:44:53 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.02.25 15:23:52 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2010.09.16 20:39:28 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.11.24 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.25 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.05 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.02.25 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.02.25 15:09:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2009.02.01 09:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Phase6
[2008.12.23 13:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2008.12.23 09:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.12.27 11:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.11.25 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VSRevoGroup
[2010.11.27 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2008.12.23 13:21:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2008.12.22 22:40:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.03.07 11:18:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.02.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.18 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.07 19:21:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.08 16:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-

EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.14 20:39:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.02.26 16:09:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2008.12.23 09:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2008.12.23 09:28:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.11.24 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.25 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.12.22 22:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2008.12.23 11:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.03.23 17:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield Installation Information
[2008.12.23 00:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.09.09 23:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.09.14 19:23:45 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.12.27 11:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2008.12.23 00:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2012.01.05 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.02.25 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.02.25 15:09:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2009.02.01 09:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Phase6
[2009.02.01 09:06:03 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2008.12.23 13:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2008.12.23 09:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.12.27 11:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.11.25 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VSRevoGroup
 
< %APPDATA%\*.exe /s >
[2009.11.29 18:41:28 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-

8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.05.10 04:22:58 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=961859CA0A8D18B4242EF222092D337D -- 

C:\Windows\System32\DriverStore\FileRepository\machine.inf_31486222\AGP440.sys
[2008.05.10 04:22:58 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=961859CA0A8D18B4242EF222092D337D -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22176_none_ba56dc4ed801d4e5\AGP440.sys
[2008.05.10 04:14:24 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=EB0082AE6173905ADBDB2D19AEEA976A -- 

C:\Windows\System32\DriverStore\FileRepository\machine.inf_7997c13a\AGP440.sys
[2008.05.10 04:14:24 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=EB0082AE6173905ADBDB2D19AEEA976A -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20832_none_b897de16dabe6bfb\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- 

C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.13 12:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 

C:\Windows\System32\drivers\atapi.sys
[2008.08.13 12:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.08.13 12:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- 

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.13 12:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 

C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 

C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program 

Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 

C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 

C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 

C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- 

C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 

C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 

C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 

C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- 

C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 

C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 

C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 

C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.08.18 17:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- 

C:\Windows\System32\drivers\nvstor32.sys
[2008.08.18 17:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- 

C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_de3b0723\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- 

C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 

C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 

C:\Windows\winsxs\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32

\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 

C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 

C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 

C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 

C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' 

Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 

C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 

C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 

C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641

\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32

\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.09.10 15:30:06 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32

\dxtmsft.dll
[2011.09.10 15:30:06 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32

\dxtrans.dll
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

Durango · 08.03.2012, 16:38

Code:

ATTFilter

 OTL Extras logfile created on: 08.03.2012 16:02:58 - Run 1
OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\***\Downloads\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,25 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 56,66% Memory free
4,71 Gb Paging File | 3,76 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 211,35 Gb Free Space | 74,88% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 5,33 Gb Free Space | 33,74% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC-HOME | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2913689183-3215750361-1296766834-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AC187F4-DF9A-4799-B86E-BDC9246D84CD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{265D4343-89A2-4102-B7E6-1E2B6CBA98D6}" = lport=12346 | protocol=6 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | 
"{2833968D-E79C-4459-9C04-D07E39D14993}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3293B81D-B000-462C-9B67-841E0D99298A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F8AD2DA-10A7-4B12-A20E-3B5F5F70F244}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{409EF558-0A03-4E01-8FD5-949E0D0A4F48}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B2A9889-AFCA-42D2-A8FB-65DE40CD2861}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E71330D-46B2-4505-AF00-ACF0A247502B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{78B3CCAF-D060-42AE-9173-755AAB1AE14D}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{848BB4FD-C5CE-4376-AD89-E1A500EAE03E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{859982A9-A06E-421D-A3AE-6579E5F2FECF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{97A3D9FC-7076-4925-A9BD-E3488842CBCB}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{A19CBF16-799D-4F70-ACA9-F4C2A355E23D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B486C5C0-0E2A-4738-A8C1-A475B03D5EB7}" = lport=12345 | protocol=17 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | 
"{FDE23D62-AC8F-4F75-AF1B-FED95281C63D}" = lport=19375 | protocol=17 | dir=in | app=c:\program files\devolo\dlanwlancfg\dlanwlancfg.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{183838B8-0261-45E2-8C5B-2DFBDFE19011}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{198F0265-A4B7-4A16-B9EE-E551D233E850}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{32291A54-22C9-452B-8436-831618D993E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3E6E8000-951C-44CA-A821-EAAB39F87B0E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{489A6FFF-4B07-4A34-910F-B4C3B2702D42}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{4B9931F7-F7C2-4048-9899-69ABE967A045}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53FD7E44-28FC-4EEB-BDED-A4415FB8F338}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5CEA5F1F-09C7-4435-9274-7B40949F3C90}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{6D559B95-F9BF-4B4D-917A-DABB51CF21E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{71B01916-0182-4506-8DA9-56221B6B9899}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{74DD8E62-F7AE-426A-8625-8D1304856242}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{858DCDBF-2E5E-429A-BC54-338D901306BA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{85E5A319-667E-455C-BFF0-401C49F264E9}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A35ED15C-97DD-471F-A84C-18CC5750B0B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F308EA8C-7587-4FAA-9144-29A0EDC7AA59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{065D1149-BAED-45BE-BE93-C0A6AA7F0660}C:\users\chef\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\chef\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{1A59BB4D-BB4E-40BF-AD93-CB46F5FCA652}C:\users\tim\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\tim\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{9D601813-806A-46AC-BA41-18E7C9A5E559}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B643D96D-31F1-42F3-AA55-B54A4F5C1F73}C:\users\tim\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\tim\appdata\local\programs\opera\opera.exe | 
"TCP Query User{C5D7BF1D-0CDA-4FA2-9BFD-0C2FFB1EFD17}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FAC47965-8B87-4C4F-9E41-5E485F73CF03}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"UDP Query User{0B36A3D9-E468-4DC5-A700-A8E016BA4A23}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{50331ABD-C51F-421F-884E-52A2AF44F62E}C:\users\tim\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\tim\appdata\local\programs\opera\opera.exe | 
"UDP Query User{7731FA27-2EDE-4B2C-B89D-B5E2209C27F7}C:\users\tim\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\tim\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{97B87606-B0E3-4ABD-98D7-22775A5B8FD0}C:\users\chef\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\chef\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{99D14861-6799-4E46-ADBE-C72E3576F515}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A4A428ED-EAD0-4857-B22D-F412CDCD9980}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dlanwlancfg" = devolo dLAN Wireless extender Konfiguration
"dslmon" = devolo Informer
"easyshare" = devolo EasyShare
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.93
"Sandboxie" = Sandboxie 3.64 (32-bit)
"Secunia PSI" = Secunia PSI (2.0.0.4002)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)

Habe noch eine Frage:
Was bedeuten diese Hosts ?
Soweit ich das bis jetzt sehe haben fast alle die gleichen.
Ansonsten schonmal danke für die bisherige Hilfe.

07.03.2012, 01:05	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJackFree findet einige suspekte Einträge Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html __________________ __________________

07.03.2012, 15:05	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJackFree findet einige suspekte Einträge Und die Logs beim nächsten Mal in CODE-Tags posten! __________________ Logfiles bitte immer in CODE-Tags posten

HiJackFree findet einige suspekte Einträge

Log-Analyse und Auswertung: HiJackFree findet einige suspekte Einträge