Pests of all kinds and how to fight them: GVU trojan with "Wasseraufnahme", Windows Vista x32
18.08.2012, 17:48 | #1
GVU trojan with "Wasseraufnahme", Windows Vista x32

Dear friends,

Since earlier today the "Gesellschaft zur Verfolgung von Urheberrechtsverletzungen" has taken my computer hostage and would like 100€ from me. At the moment I am using the computer from Safe Mode with Networking; the logs were created in this mode as well. Removal with a Kaspersky Rescue CD [hxxp://www.chip.de/news/GVU-Trojaner-Webcam-Erpresser-entfernen_54761623.html] has already been tried without success.

Here is the OTL log:
OTL logfile created on: 18.08.2012 18:01:10 - Run 1
OTL by OldTimer - Version 3.2.58.0     Folder = C:\Users\praxis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 77,95% Memory free
6,22 Gb Paging File | 5,78 Gb Available in Paging File | 92,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 49,17 Gb Free Space | 26,39% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 35,68 Gb Free Space | 14,48% Space Free | Partition Type: NTFS

Computer Name: PRAXIS-PC | User Name: praxis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.18 17:57:51 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\praxis\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2009.10.03 16:42:26 | 000,094,208 | ---- | M] () -- d:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2006.09.14 09:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.08.16 19:47:42 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.23 19:32:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.17 10:50:27 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () [Auto | Stopped] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.11.07 21:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011.11.07 21:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011.01.28 06:03:32 | 000,270,176 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010.12.22 21:58:10 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.09.18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.11.28 16:50:22 | 002,195,720 | ---- | M] () [Auto | Stopped] -- D:\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.08.27 02:52:14 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.03.18 06:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.29 02:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.03.06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007.02.22 16:26:20 | 000,086,016 | ---- | M] (Contour Design, Inc.) [Auto | Stopped] -- C:\Program Files\Contour Shuttle\ShuttleEngine.exe -- (ShuttleEngine)
SRV - [2007.02.10 15:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.17 10:50:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011.12.17 10:50:32 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2011.12.17 10:50:32 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011.12.17 10:50:31 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011.12.17 10:50:31 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011.12.17 10:50:31 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.12.17 10:50:31 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011.12.17 10:50:31 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2010.10.10 19:04:38 | 000,244,224 | ---- | M] (10Moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TridVid6010.sys -- (TridVid)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 13:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.09.24 06:26:00 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.30 13:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.09 10:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.28 19:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.02 09:38:12 | 000,046,744 | ---- | M] (Aventail Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\odptdi.sys -- (Odptdi)
DRV - [2008.03.21 06:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.16 01:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.02.01 01:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.23 06:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.11.29 19:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.19 00:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 21:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006.10.11 05:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.07.20 09:49:22 | 000,330,276 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005.01.07 15:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2002.12.17 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BCAB16CB-47FC-4A4F-8DB6-953BD60FB526}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=616163&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=7d6d94d0-e71d-4a71-9969-c08ef18e3238&apn_ptnrs=%5EABT&apn_sauid=1218EB80-1D53-4471-A6E6-782AD94FDB4B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: d:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.12.17 10:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 19:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.25 23:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.05 19:06:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 19:32:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.25 23:34:49 | 000,000,000 | ---D | M]

[2010.11.25 19:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\praxis\AppData\Roaming\mozilla\Extensions
[2010.11.25 19:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\praxis\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 19:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\praxis\AppData\Roaming\mozilla\Firefox\Profiles\9sbucs7w.default\extensions
[2010.07.05 22:27:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\praxis\AppData\Roaming\mozilla\Firefox\Profiles\9sbucs7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.11 16:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.15 17:50:52 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2012.07.23 19:32:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.03 10:07:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 10:07:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.03 10:07:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.03 10:07:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.03 10:07:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.03 10:07:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.3.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EBD1AA0-84BA-4C3B-BED2-373E3146582C}: NameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B9AA9B7-D294-4060-8213-0C4646EC863A}: DhcpNameServer = 172.30.3.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5ED8BBA-07CC-41FA-B14D-59D8ABA2A073}: DhcpNameServer = 10.129.32.1 10.111.81.129
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e1f557d-2d50-11df-9cff-8233fcbc3fc8}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f557d-2d50-11df-9cff-8233fcbc3fc8}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O33 - MountPoints2\{22927ac6-b8c1-11df-997f-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{22927ac6-b8c1-11df-997f-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a253200-44dc-11e1-8897-0024216adda2}\Shell - "" = AutoRun
O33 - MountPoints2\{9a253200-44dc-11e1-8897-0024216adda2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cecac345-32d9-11e1-9d8e-0024216adda2}\Shell - "" = AutoRun
O33 - MountPoints2\{cecac345-32d9-11e1-9d8e-0024216adda2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dda03041-6295-11df-ad6b-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{dda03041-6295-11df-ad6b-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dede626b-2f15-11e1-9418-0024216adda2}\Shell - "" = AutoRun
O33 - MountPoints2\{dede626b-2f15-11e1-9418-0024216adda2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e8a64a6e-2889-11e1-8b37-0024216adda2}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a64a6e-2889-11e1-8b37-0024216adda2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e8a64a7e-2889-11e1-8b37-0024216adda2}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a64a7e-2889-11e1-8b37-0024216adda2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{eab3c27e-e88c-11e1-ae96-0024216adda2}\Shell - "" = AutoRun
O33 - MountPoints2\{eab3c27e-e88c-11e1-ae96-0024216adda2}\Shell\AutoRun\command - "" = E:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.18 17:58:19 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\praxis\Desktop\OTL.exe
[2012.08.18 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\praxis\AppData\Roaming\Malwarebytes
[2012.08.18 17:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.18 17:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.18 17:36:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[8 C:\Users\praxis\Documents\*.tmp files -> C:\Users\praxis\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.18 17:57:51 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\praxis\Desktop\OTL.exe
[2012.08.18 17:56:10 | 000,000,000 | ---- | M] () -- C:\Users\praxis\defogger_reenable
[2012.08.18 17:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.18 17:40:31 | 000,070,118 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.18 17:40:31 | 000,070,118 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.18 17:40:29 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.18 17:34:45 | 001,311,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.18 17:34:44 | 002,809,472 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.18 17:34:44 | 000,845,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.18 17:34:44 | 000,763,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.18 17:28:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 17:28:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 16:12:11 | 000,001,742 | ---- | M] () -- C:\Users\praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.18 16:03:23 | 000,185,856 | ---- | M] () -- C:\Users\praxis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.18 15:46:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.16 03:23:55 | 000,425,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[8 C:\Users\praxis\Documents\*.tmp files -> C:\Users\praxis\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.18 17:56:10 | 000,000,000 | ---- | C] () -- C:\Users\praxis\defogger_reenable
[2012.08.18 16:12:11 | 000,001,742 | ---- | C] () -- C:\Users\praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.18 16:12:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.07.15 00:20:41 | 002,627,049 | ---- | C] () -- C:\Users\praxis\Kapselvorbereitung.jpg
[2012.04.14 07:38:44 | 000,081,920 | -HS- | C] () -- C:\Users\praxis\ehthumbs_vista.db
[2011.09.10 15:53:30 | 000,050,055 | ---- | C] () -- C:\Users\praxis\Stundenabrechnungsbogen.eml
[2011.09.10 15:53:30 | 000,000,708 | ---- | C] () -- C:\Users\praxis\Teil 1.2
[2011.08.26 12:04:02 | 000,004,096 | -H-- | C] () -- C:\Users\praxis\AppData\Local\keyfile3.drm
[2011.08.19 01:03:33 | 000,043,095 | ---- | C] () -- C:\Users\praxis\IMGP8619.jpeg
[2011.08.19 01:03:33 | 000,001,431 | ---- | C] () -- C:\Users\praxis\Teil 1.3
[2011.01.04 17:39:29 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2010.12.18 17:45:57 | 000,197,120 | ---- | C] () -- C:\Windows\System32\lame.exe
[2010.05.18 19:59:10 | 000,001,794 | ---- | C] () -- C:\Users\praxis\AppData\Roaming\SAS7_000.DAT
[2010.01.18 21:45:19 | 000,000,552 | ---- | C] () -- C:\Users\praxis\AppData\Local\d3d8caps.dat
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.09.30 10:56:50 | 000,001,356 | ---- | C] () -- C:\Users\praxis\AppData\Local\d3d9caps.dat
[2009.09.15 17:03:42 | 000,185,856 | ---- | C] () -- C:\Users\praxis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.22 23:16:37 | 000,070,118 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.22 23:10:52 | 000,070,118 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== LOP Check ==========

[2009.11.01 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Amazon
[2009.09.23 15:23:45 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Aventail
[2010.03.26 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\CD-LabelPrint
[2012.07.02 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\concept design
[2009.11.25 04:17:53 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\FileZilla
[2009.12.26 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Given Imaging
[2010.12.04 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\IrfanView
[2010.05.18 19:34:35 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Nuance
[2009.09.15 21:11:30 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\OpenOffice.org
[2011.05.21 14:48:29 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\phonostar GmbH
[2010.12.22 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\ProtectDisc
[2009.09.14 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Protector Suite
[2011.12.17 10:51:05 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\T-Mobile
[2010.11.25 19:02:59 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Thunderbird
[2010.02.08 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Tobit
[2010.03.29 22:09:47 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Ulead Systems
[2010.05.18 18:00:56 | 000,000,000 | ---D | M] -- C:\Users\praxis\AppData\Roaming\Vodafone
[2012.08.17 15:50:44 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 929 bytes -> C:\Users\praxis\Stundenabrechnungsbogen.eml:OECustomProperty
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

Unfortunately, attaching the other two as attachments did not work, because the attachments window kept freezing. Sorry about that. Here is the Extras.txt:
ATTFilter OTL Extras logfile created on: 18.08.2012 18:01:10 - Run 1 OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\praxis\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 77,95% Memory free 6,22 Gb Paging File | 5,78 Gb Available in Paging File | 92,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186,31 Gb Total Space | 49,17 Gb Free Space | 26,39% Space Free | Partition Type: NTFS Drive D: | 246,33 Gb Total Space | 35,68 Gb Free Space | 14,48% Space Free | Partition Type: NTFS Computer Name: PRAXIS-PC | User Name: praxis | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{26766BA4-1596-4F72-BED5-CAADBCC99906}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2B83E2E4-0519-4CD3-B22A-81A6BC64C5D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{69D5CD6A-6568-4044-B07A-7D6985A749A2}" = lport=22002 | protocol=6 | dir=in | name=mobile | "{720829BC-3676-48E0-A0D8-D8429E588136}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8814178B-118D-452C-909A-D23BB506A31C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8EFC0F5A-1616-48FD-AE32-4B40F3995F87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BCBC24DC-8264-455F-9F5F-662F801232DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E0438815-849F-4D4F-B2BE-15497888DDCB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E2F0378E-AC23-43BD-9E25-ABF9D319AFD9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0984F747-5EA2-4980-B30F-DE2D8B919AC2}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{2D72CC00-6EEC-45F9-95C0-E550DA83AB0F}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{30F77730-C8EF-4945-9DB6-8643B56E96FD}" = protocol=6 | dir=in | app=d:\tobit clipinc\player\radiorecorder.exe | "{36744B0F-B8C5-42FE-BC7B-8E7B9A960BCB}" = protocol=17 | dir=in | app=h:\mobilepraxis.exe | "{5CBCC03E-D249-4D8B-B255-6F64C89466B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{761314C9-292C-4D94-AD6E-610575999FBB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7848032C-A54F-4CE4-B025-FC0BB7BACA13}" = protocol=17 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe | "{9CCD0D22-6EF9-490A-B6AD-97EE43DF9FB8}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{C77A233D-D35E-4430-959B-08D6BE183E60}" = protocol=6 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe | "{D41D428D-AF7A-497B-8BBD-8AEE2C7C6A21}" = dir=in | app=d:\program files\homecinema\powerdirector\pdr8.exe | "{DA0DE36B-B29B-4AFE-A976-E0759C21D9C0}" = protocol=6 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe | "{E7CE49D2-BB25-480D-AB77-1C74E3ACCCF6}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{EB4EA58C-F202-4FE6-AB66-122F6F9A98FE}" = protocol=17 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe | "{F3AF3256-8C66-45B7-BED1-5BB1928B6060}" = protocol=17 | dir=in | app=d:\tobit clipinc\player\radiorecorder.exe | "{FAECAE93-BAF3-4529-BA57-8E7ABB8ED915}" = protocol=6 | dir=in | app=h:\mobilepraxis.exe | "{FD9BCD5F-946E-45E7-B295-E726F6701A31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{3568C63F-180A-4492-A5F6-B0B6C5F86545}C:\program files\internet 
explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{3BCC4E64-5722-47F7-B787-ABB48E287DB8}D:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=d:\program files\dradio-recorder\phonostar.exe | "TCP Query User{9024B393-0B69-4558-A5F9-EAA70E3F13F4}D:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=6 | dir=in | app=d:\program files\concept design\onlinetv 5\onlinetv.exe | "TCP Query User{C29B4040-DE48-4062-B706-3A5FC6DC6DFE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{D2459FD8-42A5-4DBA-B388-2F7AD100E7F0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{1934E401-ED31-4BE9-8A54-7B17DD425C4E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2C781385-955F-467E-A1CB-5D977A94C76E}D:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=d:\program files\dradio-recorder\phonostar.exe | "UDP Query User{4BD33F72-9C4A-4DEE-B73E-3A7AFEEBBF5F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{952E78B9-7387-4B8A-AF95-A2D340190AFC}D:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=17 | dir=in | app=d:\program files\concept design\onlinetv 5\onlinetv.exe | "UDP Query User{DC39E3A2-CDD0-42E7-AD4F-1D6524FC8D6A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 
Language Pack SP1 - deu "{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CC340A6-E2E8-4986-B4F6-300055258684}" = Aventail OnDemand Proxy Agent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3FF76A1B-13C9-4336-BBCF-B007A745B065}" = Video Grabber Driver Setup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit) "{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}" = Contour Shuttle "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14 "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office 
Suite Activation Assistant "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10 "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client "5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 1.2.6 "AudibleDownloadManager" = Audible Download Manager "AVIcodec" = AVIcodec (remove only) "Avira AntiVir Desktop" = Avira Free Antivirus "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7 "CodedColor Toolbox_is1" = CodedColor Toolbox 1.0 "Digitale Bibliothek 4" = Digitale Bibliothek 4 "D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0 "dradio-Recorder_is1" = dradio-Recorder Version 3.02.2 "FileZilla Client" 
= FileZilla Client 3.2.8 "Free CD to MP3 Converter" = Free CD to MP3 Converter "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11 "Internet Manager" = Internet Manager "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft NetShow Tools 2.0" = Windows Media Tools 4.1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NortonPCCheckup" = Norton PC Checkup "NVIDIA Drivers" = NVIDIA Drivers "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RealPlayer 6.0" = RealPlayer "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Tobit ClipInc Server" = WDR 
RadioRecorder "Tobit Radio.fx Server 1" = WDR RadioRecorder "Tobit Radio.fx Server 16" = hr2 RadioRecorder "Tobit Radio.fx Server 4" = SWR RadioRecorder "Tobit Radio.fx Server 8" = SR RadioRecorder "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR archiver "WinZip" = WinZip "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "HyperDoc®-WEB-Global" = HyperDoc®-WEB-Global ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.08.2012 11:28:33 | Computer Name = praxis-PC | Source = MSSQL$SQLEXPRESS | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 18.08.2012 11:28:40 | Computer Name = praxis-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 18.08.2012 11:28:48 | Computer Name = praxis-PC | Source = MSSQL$SQLEXPRESS | ID = 9003 Description = The log scan number (73:232:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup. Error - 18.08.2012 11:28:49 | Computer Name = praxis-PC | Source = MSSQL$SQLEXPRESS | ID = 3414 Description = An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. 
Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support. Error - 18.08.2012 11:28:51 | Computer Name = praxis-PC | Source = MSSQL$SQLEXPRESS | ID = 8355 Description = Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker. Error - 18.08.2012 11:29:50 | Computer Name = praxis-PC | Source = WinMgmt | ID = 10 Description = Error - 18.08.2012 11:34:41 | Computer Name = praxis-PC | Source = LoadPerf | ID = 3012 Description = Error - 18.08.2012 11:34:41 | Computer Name = praxis-PC | Source = LoadPerf | ID = 3012 Description = Error - 18.08.2012 11:34:41 | Computer Name = praxis-PC | Source = LoadPerf | ID = 3011 Description = Error - 18.08.2012 11:42:40 | Computer Name = praxis-PC | Source = EventSystem | ID = 4609 Description = Error - 18.08.2012 11:43:51 | Computer Name = praxis-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 18.08.2012 11:29:51 | Computer Name = praxis-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.08.2012 11:32:52 | Computer Name = praxis-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 18.08.2012 11:42:18 | Computer Name = praxis-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.08.2012 um 17:40:59 unerwartet heruntergefahren. 
Error - 18.08.2012 11:42:32 | Computer Name = praxis-PC | Source = DCOM | ID = 10005 Description = Error - 18.08.2012 11:42:40 | Computer Name = praxis-PC | Source = DCOM | ID = 10005 Description = Error - 18.08.2012 11:42:43 | Computer Name = praxis-PC | Source = DCOM | ID = 10005 Description = Error - 18.08.2012 11:42:45 | Computer Name = praxis-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 18.08.2012 11:43:52 | Computer Name = praxis-PC | Source = Service Control Manager | ID = 7001 Description = Error - 18.08.2012 11:43:52 | Computer Name = praxis-PC | Source = Service Control Manager | ID = 7026 Description = Error - 18.08.2012 11:44:05 | Computer Name = praxis-PC | Source = DCOM | ID = 10005 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-18 18:33:53 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 Running: 2hqk1438.exe; Driver: C:\Users\praxis\AppData\Local\Temp\pxriapow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1212] ntdll.dll!LdrLoadDll 775F9378 5 Bytes JMP 6B5DB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1212] kernel32.dll!LockResource + C 76B66B0B 7 Bytes JMP 6B88B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1212] kernel32.dll!VirtualAllocEx + 54 76B6AF70 7 Bytes JMP 6B88B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1212] GDI32.dll!SetStretchBltMode + 256 7770745C 7 Bytes JMP 6B88B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys AttachedDevice \Driver\tdx \Device\Udp odptdi.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
Many thanks for your help, I hope everything worked with the code tags this time. Edited by raggaman9 (18.08.2012 at 17:50) Reason: Possibly important information was still missing. |
19.08.2012, 18:06 | #2 |
/// Helper Team | GVU-Trojaner mit Wasseraufnahme, Windows Vista x32
Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
ATTFilter :OTL IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{BCAB16CB-47FC-4A4F-8DB6-953BD60FB526}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=616163&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "http://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=7d6d94d0-e71d-4a71-9969-c08ef18e3238&apn_ptnrs=%5EABT&apn_sauid=1218EB80-1D53-4471-A6E6-782AD94FDB4B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_14) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0e1f557d-2d50-11df-9cff-8233fcbc3fc8}\Shell - "" = AutoRun O33 - MountPoints2\{0e1f557d-2d50-11df-9cff-8233fcbc3fc8}\Shell\AutoRun\command - "" = E:\DPFMate.exe O33 - MountPoints2\{22927ac6-b8c1-11df-997f-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{22927ac6-b8c1-11df-997f-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9a253200-44dc-11e1-8897-0024216adda2}\Shell - "" = AutoRun O33 - MountPoints2\{9a253200-44dc-11e1-8897-0024216adda2}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{cecac345-32d9-11e1-9d8e-0024216adda2}\Shell - "" = AutoRun O33 - MountPoints2\{cecac345-32d9-11e1-9d8e-0024216adda2}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{dda03041-6295-11df-ad6b-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{dda03041-6295-11df-ad6b-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{dede626b-2f15-11e1-9418-0024216adda2}\Shell - "" = AutoRun O33 - MountPoints2\{dede626b-2f15-11e1-9418-0024216adda2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8a64a6e-2889-11e1-8b37-0024216adda2}\Shell - "" = AutoRun O33 - MountPoints2\{e8a64a6e-2889-11e1-8b37-0024216adda2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e8a64a7e-2889-11e1-8b37-0024216adda2}\Shell - "" = AutoRun O33 - MountPoints2\{e8a64a7e-2889-11e1-8b37-0024216adda2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{eab3c27e-e88c-11e1-ae96-0024216adda2}\Shell - "" = AutoRun O33 - MountPoints2\{eab3c27e-e88c-11e1-ae96-0024216adda2}\Shell\AutoRun\command - "" = E:\Windows\CHECK\DriveNavigator.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence [2012.08.18 
17:40:31 | 000,070,118 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.18 17:40:31 | 000,070,118 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.18 17:40:29 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.18 16:12:11 | 000,001,742 | ---- | M] () -- C:\Users\praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk @Alternate Data Stream - 929 bytes -> C:\Users\praxis\Stundenabrechnungsbogen.eml:OECustomProperty @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:F35A93AD [2012.08.18 15:46:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not run it on other computers under any circumstances; it can permanently damage other systems!
__________________ |
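For readers who want to understand what a helper looks for in OTL output before writing a fix like the one above, here is a small triage script. It is an added example, not part of this thread and not OTL's own code: it parses the entry formats that OTL prints (file entries with timestamp, size, attributes and company name; "@Alternate Data Stream" lines; O4 Run values; O33 MountPoints2 autorun commands) and flags the same kinds of items the fix targets. The sample block is constructed from entries quoted in this thread (ctfmon.lnk in the Startup folder, ism_0_llatsni.pad in ProgramData, the ADS on C:\ProgramData\TEMP, the removable-media autorun command); the scan time comes from the "OTL logfile created on" header. The rule names, the severity labels and the 48-hour "recent" window are my own assumptions, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: a handful of lines in the formats OTL prints, reusing
# entries quoted in this thread. Real reports are much longer.
SAMPLE_OTL = r"""
[2012.08.18 16:12:11 | 000,001,742 | ---- | C] () -- C:\Users\praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.18 16:12:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2011.01.04 17:39:29 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2012.08.17 15:50:44 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:F35A93AD
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O33 - MountPoints2\{0e1f557d-2d50-11df-9cff-8233fcbc3fc8}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f557d-2d50-11df-9cff-8233fcbc3fc8}\Shell\AutoRun\command - "" = E:\DPFMate.exe
"""

# "OTL logfile created on" header value from the thread (assumed reference time).
SCAN_TIME = datetime(2012, 8, 18, 18, 1, 10)

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<command>.+)$'
)
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


@dataclass(frozen=True)
class Finding:
    severity: str   # assumed labels: high / medium / low
    rule: str       # assumed rule name
    detail: str     # path, command or the raw line


def triage(report: str, scan_time: datetime, recent: timedelta = timedelta(hours=48)) -> List[Finding]:
    """Walk an OTL-style report line by line and collect persistence indicators."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_ENTRY.match(line)
        if m:
            path = m["path"]
            lower = path.lower()
            created = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
            if STARTUP_MARKER in lower:
                # Anything in the per-user Startup folder runs at logon.
                findings.append(Finding("high", "startup-folder", path))
            elif "\\programdata\\" in lower and not m["company"].strip() and scan_time - created <= recent:
                # Fresh file with no company name in a shared data directory.
                findings.append(Finding("high", "recent-programdata", path))
            continue
        m = ADS_ENTRY.match(line)
        if m:
            findings.append(Finding("medium", "alternate-data-stream", m["path"]))
            continue
        m = RUN_ENTRY.match(line)
        if m and (not m["name"] or m["target"].strip() == "File not found"):
            # Empty or dangling Run value: leftover of something that was removed.
            findings.append(Finding("low", "orphan-run-value", line))
            continue
        m = AUTORUN_CMD.match(line)
        if m:
            # Command Windows would have launched when this removable volume was mounted.
            findings.append(Finding("medium", "removable-autorun", m["command"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity label."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL, SCAN_TIME)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:22} {f.detail}")
    print(summarize(results))
```

Run against the sample it reports the ctfmon.lnk startup entry and the fresh .pad file in ProgramData as high, the data stream and the removable-media autorun command as medium, and the empty Run value as low; the legitimate VendorCmdRW.dll and the scheduler log pass without a finding. The point of the ordering in `triage` is that the cheap, high-signal checks (Startup folder, recent unsigned ProgramData file) run before anything else, which is also the order in which a helper reads a report.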
20.08.2012, 07:54 | #3 |
| GVU-Trojaner mit Wasseraufnahme, Windows Vista x32 Many thanks for the quick help!
__________________ I must honestly admit that in the meantime I have "solved" the problem in a probably unwise but lazy way, but all the more for that, once again: thank you for looking into this. |
20.08.2012, 14:34 | #4 |
/// Helper Team | GVU-Trojaner mit Wasseraufnahme, Windows Vista x32 And how exactly? |
21.08.2012, 17:03 | #5 |
| GVU-Trojaner mit Wasseraufnahme, Windows Vista x32 With Malwarebytes I found a file named "ctfmon.ink" which apparently started automatically but did not show up in msconfig; I googled the whole thing and then deleted it. I do realise that this is probably not a solution; as far as I understand it, the OTL code additionally contains updates for pretty much everything responsible for the mess, and that is of course not included here. But it was my father's computer, and a short-term "solution" was needed.. thanks again for the effort. |
21.08.2012, 17:41 | #6 |
/// Helper Team | GVU-Trojaner mit Wasseraufnahme, Windows Vista x32 There are no updates in the OTL fix. The computer will get locked again. If rootkits come on top of that, you can then reinstall or have your bank account emptied.
__________________ |
21.08.2012, 19:17 | #7 |
| GVU-Trojaner mit Wasseraufnahme, Windows Vista x32 Is the fix as you posted it earlier still usable, or would I now have to rescan everything because the computer has been used in the meantime? |
22.08.2012, 00:25 | #8 |
/// Helper Team | GVU-Trojaner mit Wasseraufnahme, Windows Vista x32 You can use it as it is. |
05.10.2012, 02:31 | #9 |
/// Helper Team | GVU-Trojaner mit Wasseraufnahme, Windows Vista x32
Missing feedback
Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean. |