HAllo,

bin neu hier und hab mir mal durchgelesen wie ich Your Protection wieder entfernen kann.
Habe nach der Anleitung alles gemacht nur beim vollstaändigen Scannen des Pc`s bleibt der Scanner immer hängen und ich merke auch das Your Protection noch drauf ist weil der PC anzeigt das Sicherheitscenter wäre aus aber ich bekomme es nicht an.
Was kann ich noch tun?

Danke schonmal im vorraus.

Gruß
Scheider

Hallo und

Dann poste mal OTL Logfiles:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

OTL logfile created on: 12.04.2010 11:53:34 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Scheid\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 126,17 Gb Free Space | 64,60% Space Free | Partition Type: NTFS
Drive D: | 93,78 Gb Total Space | 93,67 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVAT
Current User Name: Scheid
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\franz.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
PRC - C:\Programme\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\nuaa.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\npcsvc32.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Programme\Norman\ngs\bin\nprosec.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Programme\Norman\nvc\bin\Nvcoas.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NVCScheduler) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (nsesvc) -- C:\Program Files\Norman\Nse\bin\NSESVC.EXE (Norman ASA)
SRV - (Scheduler) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (NUAA) -- C:\Program Files\Norman\npc\bin\nuaa.exe (Norman ASA)
SRV - (NPC) -- C:\Program Files\Norman\npc\bin\npcsvc32.exe (Norman ASA)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (nvcoas) -- C:\Program Files\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (Norman ASA)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (cpuz132) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\Windows\System32\drivers\nvcv32mf.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Programme\Norman\ngs\bin\nprosec.sys (Norman ASA)
DRV - (NGS) -- c:\Programme\Norman\ngs\bin\ngs.sys (Norman ASA)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (DiskSec) -- C:\Windows\System32\drivers\disksec.sys (MAGIX)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Corporation)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SCR3xx USB Smart Card Reader) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (STC2DFU) -- C:\Windows\System32\drivers\Stc2Dfu.sys (SCM Microsystems Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.gmx.net/homehxxp://www.gmx.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.gmx.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 92 4B A1 4B 7B CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.net"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/suchbox/gmxsuche?su="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 14:42:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.09 16:06:59 | 000,000,000 | ---D | M]

[2010.01.20 15:26:47 | 000,000,000 | ---D | M] -- C:\Users\Scheid\AppData\Roaming\mozilla\Extensions
[2010.04.12 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions
[2010.01.20 15:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.09 10:13:43 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.09 11:45:21 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Users\Scheid\AppData\Roaming\mozilla\Firefox\Profiles\9tar9nvm.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2010.02.12 13:09:13 | 000,005,591 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\1und1-suche.xml
[2010.02.12 13:09:13 | 000,001,371 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\amazonde.xml
[2010.02.12 13:09:13 | 000,010,605 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\gmx-suche.xml
[2010.02.12 13:09:13 | 000,005,588 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\9tar9nvm.default\searchplugins\webde-suche.xml
[2010.02.16 17:05:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.02.09 10:13:23 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.09 10:13:23 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70dcab92-ebe7-11de-991d-00030d987e70}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.12 11:52:20 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Scheid\Desktop\OTL.exe
[2010.04.12 11:40:26 | 121,175,904 | ---- | C] (AVG Technologies) -- C:\Users\Scheid\Desktop\avg_ipw_stf_all_90_800a2779.exe
[2010.04.12 09:48:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.12 09:48:07 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.12 09:46:25 | 000,217,032 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.04.12 09:46:25 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.04.12 09:46:20 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PC Tools
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.04.12 09:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.04.12 09:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.12 09:27:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.12 09:26:57 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.12 09:26:57 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.12 09:26:57 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.12 09:26:57 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.12 09:26:53 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.12 09:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.12 09:24:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.09 16:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.04.09 09:07:17 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.09 09:07:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.08 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.04.08 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.08 15:45:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.08 15:44:36 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.04.08 15:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.04.08 14:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.04.08 14:52:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.04.08 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Your Protection
[2010.04.08 09:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010.04.08 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\docXConverter logs
[2010.04.06 10:58:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\KK Verträge
[2010.04.06 09:11:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.01 08:59:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.04.01 08:59:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.01 08:59:54 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.01 08:59:54 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.01 08:59:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.01 08:59:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.01 08:59:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.04.01 08:59:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.01 08:59:53 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.01 08:59:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.04.01 08:59:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.04.01 08:59:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.04.01 08:59:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.01 08:59:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.01 08:59:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.30 09:36:47 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Meisterbafög
[2010.03.29 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Sanikonzept
[2010.03.26 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\DVDVideoSoft
[2010.03.26 18:56:06 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.03.26 18:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.03.26 13:09:00 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Wochenspiegel
[2010.03.23 11:05:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Nero
[2010.03.17 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\S2
[2010.03.17 15:29:45 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\S2
[2010.03.17 15:25:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.03.17 15:25:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.03.17 15:25:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.03.17 15:25:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.03.17 15:25:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.03.17 15:25:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.03.17 15:25:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.03.17 15:25:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.03.17 15:25:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.03.17 15:25:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.03.17 15:23:48 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.03.15 09:59:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.02.12 15:17:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe13BE.dll
[2010.02.01 11:20:06 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\IMPLODE.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.12 11:53:00 | 001,572,864 | ---- | M] () -- C:\Users\****\NTUSER.DAT
[2010.04.12 11:52:24 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\****Desktop\OTL.exe
[2010.04.12 11:43:24 | 121,175,904 | ---- | M] (AVG Technologies) -- C:\Users\****\Desktop\avg_ipw_stf_all_90_800a2779.exe
[2010.04.12 10:15:58 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2010.04.12 10:10:02 | 001,478,112 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.12 10:10:02 | 000,644,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.12 10:10:02 | 000,600,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.12 10:10:02 | 000,132,540 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.12 10:10:02 | 000,109,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.12 10:09:23 | 058,823,525 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.12 10:05:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.12 10:05:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.12 10:05:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.12 10:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.12 10:05:33 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.12 10:04:34 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TMContainer00000000000000000001.regtrans-ms
[2010.04.12 10:04:34 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TM.blf
[2010.04.12 10:04:33 | 003,663,774 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.04.12 09:48:12 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Franz.lnk
[2010.04.12 09:32:42 | 276,200,447 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.12 08:54:17 | 000,001,887 | ---- | M] () -- C:\Users\****\Adobe Reader 9.lnk
[2010.04.09 16:25:09 | 000,538,624 | ---- | M] () -- C:\Users\****\Desktop\********.XLS
[2010.04.08 10:02:17 | 000,010,584 | ---- | M] () -- C:\Users\****\AppData\Roaming\docXConverter (3).ini
[2010.04.08 09:59:01 | 000,000,134 | -H-- | M] () -- C:\Users\****\AppData\Roaming\lakerda1967.sys
[2010.04.07 09:31:17 | 000,010,560 | ---- | M] () -- C:\Users\****\Documents\Barmer GEK wg ********.docx
[2010.03.31 11:02:16 | 000,010,340 | ---- | M] () -- C:\Users\****\Documents\Reps Schuhaus German.xlsx
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 18:20:18 | 000,010,882 | ---- | M] () -- C:\Users\****\Documents\***********.docx
[2010.03.18 15:06:41 | 000,021,956 | ---- | M] () -- C:\Users\****\****.jpg
[2010.03.15 09:59:30 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.03.15 09:59:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.03.15 09:59:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.03.15 09:59:11 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.12 09:48:12 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Franz.lnk
[2010.04.12 09:46:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.04.12 09:46:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.04.12 09:46:20 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.04.12 09:28:48 | 276,200,447 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.12 08:54:17 | 000,001,887 | ---- | C] () -- C:\Users\*****\Adobe Reader 9.lnk
[2010.04.08 09:58:16 | 000,000,134 | -H-- | C] () -- C:\Users\****\AppData\Roaming\lakerda1967.sys
[2010.04.08 09:58:00 | 000,010,584 | ---- | C] () -- C:\Users\****\AppData\Roaming\docXConverter (3).ini
[2010.04.07 09:29:38 | 000,010,560 | ---- | C] () -- C:\Users\****\Documents\Barmer GEK wg Friedrich.docx
[2010.03.31 10:59:24 | 000,010,340 | ---- | C] () -- C:\Users\****\Documents\Reps Schuhaus German.xlsx
[2010.03.26 18:20:18 | 000,010,882 | ---- | C] () -- C:\Users\*****\Documents\Schreiben Dr. Steinke.docx
[2010.03.18 15:06:09 | 000,021,956 | ---- | C] () -- C:\Users\****\Firma.jpg
[2010.02.12 15:17:01 | 000,001,993 | ---- | C] () -- C:\Users\****\Sony Ericsson PC Suite 6.0.lnk
[2010.02.08 18:21:15 | 000,017,089 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2010.02.01 11:20:17 | 000,245,830 | ---- | C] () -- C:\Windows\System32\PAEDUS.DLL
[2010.02.01 11:20:08 | 000,122,880 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010.02.01 11:20:07 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010.02.01 11:20:05 | 000,079,360 | ---- | C] () -- C:\Windows\System32\Sockdlls.dll
[2010.02.01 11:20:05 | 000,063,488 | ---- | C] () -- C:\Windows\System32\EZTW32.DLL
[2010.02.01 11:20:02 | 000,303,616 | ---- | C] () -- C:\Windows\System32\TX32.DLL
[2010.02.01 11:20:02 | 000,000,150 | ---- | C] () -- C:\Windows\System32\IC32.INI
[2010.01.25 17:23:45 | 000,003,584 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.20 15:41:12 | 000,000,455 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.01.20 15:33:19 | 000,000,104 | ---- | C] () -- C:\Users\*****\Systemsteuerung - Verknüpfung.lnk
[2010.01.15 11:46:13 | 000,010,763 | ---- | C] () -- C:\Users\*****\AppData\Roaming\SmarThruOptions.xml
[2010.01.15 11:45:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010.01.15 11:45:47 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2010.01.15 11:45:36 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.01.15 11:45:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010.01.06 12:38:19 | 000,000,094 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2009.12.12 20:55:57 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2009.12.12 20:48:30 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TMContainer00000000000000000002.regtrans-ms
[2009.12.12 20:48:30 | 000,524,288 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TMContainer00000000000000000001.regtrans-ms
[2009.12.12 20:48:30 | 000,065,536 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{558a828b-e74d-11de-b2b0-00030d987e70}.TM.blf
[2009.12.12 20:47:05 | 000,262,144 | -H-- | C] () -- C:\Users\****\NTUSER.DAT.efr.LOG1
[2009.12.12 20:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\*****\NTUSER.DAT.efr.LOG2
[2009.12.12 20:18:50 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2009.12.12 20:16:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.12.12 19:23:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.12 18:15:20 | 000,027,430 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.001
[2009.12.12 16:28:01 | 000,027,430 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.dat
[2009.12.12 15:35:29 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2009.12.12 15:35:28 | 001,572,864 | ---- | C] () -- C:\Users\*****\NTUSER.DAT
[2009.12.12 15:35:28 | 000,786,432 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT.bak
[2009.12.12 15:35:28 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.12.12 15:35:28 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.12.12 15:35:28 | 000,262,144 | -H-- | C] () -- C:\Users\*****\ntuser.dat.LOG1
[2009.12.12 15:35:28 | 000,065,536 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.12.12 15:35:28 | 000,000,020 | -HS- | C] () -- C:\Users\*****\ntuser.ini
[2009.12.12 15:35:28 | 000,000,000 | -H-- | C] () -- C:\Users\*****\ntuser.dat.LOG2
[2009.05.11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.05.11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.05.11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.05.11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.01.15 04:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007.06.21 11:49:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.03.20 15:08:54 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.07.25 14:32:18 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2002.03.13 17:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[1998.05.04 12:02:44 | 000,028,160 | ---- | C] () -- C:\Windows\System32\PEADUTIL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMPFC5A2B2
< End of report >

OTL Extras logfile created on: 12.04.2010 11:53:34 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 126,17 Gb Free Space | 64,60% Space Free | Partition Type: NTFS
Drive D: | 93,78 Gb Total Space | 93,67 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVAT
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3DAA32-1EB4-4319-A5F3-96479AA9ED03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{21AFBACC-9340-4171-B8BD-E07E6891A569}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2B3AAF7E-A272-4AF8-B2ED-2EAA6005EFCB}" = lport=139 | protocol=6 | dir=in | app=system |
"{3468DF5C-552B-4ACD-A7C1-47711A22F0B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{67D8C11B-EA4E-45AE-B1F3-37CA810FB5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{6CC60400-826A-4E9F-8C96-0E099C84DAE7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D18B5CD-23BA-428F-B7C7-64FB5DFE5CDD}" = rport=137 | protocol=17 | dir=out | app=system |
"{99666E66-595C-41F0-A143-6DAD1855D07D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A64A6D79-092D-4774-9318-14191850DA96}" = rport=445 | protocol=6 | dir=out | app=system |
"{D79C5782-EEF8-43F5-B88A-BABAEC6B3C75}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEDD0447-78E5-4424-A4B0-D2E2CA62FDF4}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090743C5-5F0C-4D03-85D9-9A55E3425034}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{09374934-88A7-4263-9C15-D5187856827F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{145C938C-8AAF-456F-A030-03EC87412BC4}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{2F04C8E7-6280-4EEE-AF4D-59A8726E1AAA}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{3895FDFA-DAE7-466A-9AE6-46BB314566C1}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{4B14727E-510E-4C50-A509-A81620A7E532}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60FDF2C5-71DA-425B-821C-1295C664C0E5}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{6B091F0F-DC05-4189-A82A-9544AAD21371}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6C8DB00C-204C-43AF-9C0D-4B67FBC83DF1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74AA2C84-1AEA-41DD-8407-FA502486E38E}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{7DA96566-E645-4D56-880A-EED9A9A0F89C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{A9B87B1D-6D4A-443E-8DBA-6D7F2FE7CFA8}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BFFFBE37-FEA4-43DF-B684-AC88A5C59B48}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{D077C360-F956-47AD-82D0-93043FB5E32D}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{D6F26E8F-0829-44FD-B567-874927F1F885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E607366D-574B-41F0-8005-8C47273A7377}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{E70CB343-5743-4417-B0C6-9C50D2B4D5A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F4417A7D-EC1A-4CC6-9EBC-5EA8A75D4FA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{73B582BA-0716-4B06-AE4D-E1CAB96086A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{7866ABB5-D25E-4031-B43B-262FAD9AB622}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{25614CFD-4E49-4EFF-B44E-3C6D3D9DFC5F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{F44CD691-7349-4DA5-8BBF-D7E1B50D0AFD}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0DE6C47F-57C9-43FB-930B-2094428BEBB3}_is1" = TTDPatch 2.5 beta 9
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{36C89170-50E2-4F76-B4EA-F4450D85781F}" = PAEDUS 10.0
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EABFCD9-9F26-4E2C-A762-73ABE2C54E95}" = SCR3xx USB Smart Card Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF748561-FFFE-11D3-A06B-00E02939A7B3}" = dakota.le
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GMX Update" = GMX Update
"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.22.687 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenTTD" = OpenTTD 0.6.1
"S2TNG" = Die Siedler II - Die nächste Generation
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = T&T medilogic 4.6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2010 05:45:19 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:45:19] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:46:17 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:46:17] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:47:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:47:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:49:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:49:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:50:19 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:50:19] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:51:17 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:51:17] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:52:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:52:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:54:18 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:54:18] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:55:19 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:55:19] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

Error - 12.04.2010 05:56:17 | Computer Name = privat | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/04/12 11:56:17] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 192.168.2.101 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'TXT/JunkFile.AM' File infected: C:/ProgramData/_VOIDmfeklnmal.dll
File
quarantined: C:/ProgramData/_VOIDmfeklnmal.dll Login information: User 'SYSTEM'
on host 'PRIVAT'.

[ System Events ]
Error - 08.03.2010 02:41:35 | Computer Name = privat | Source = Service Control Manager | ID = 7034
Description =

Error - 08.03.2010 02:41:42 | Computer Name = privat | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 08.03.2010 09:16:16 | Computer Name = privat | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 08.03.2010 09:16:29 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 08.03.2010 09:16:29 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 08.03.2010 09:16:29 | Computer Name = privat | Source = Service Control Manager | ID = 7034
Description =

Error - 09.03.2010 04:02:58 | Computer Name = privat | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 09.03.2010 04:04:12 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 09.03.2010 04:04:12 | Computer Name = privat | Source = Service Control Manager | ID = 7000
Description =

Error - 09.03.2010 04:04:12 | Computer Name = privat | Source = Service Control Manager | ID = 7034
Description =


< End of report >

Zitat:

C:\Users\****\AppData\Roaming\lakerda1967.sys

Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

Hier das Ergebnis von Virustotal

a-squared 4.5.0.50 2010.04.12 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.62 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.12 -
BitDefender 7.2 2010.04.12 -
CAT-QuickHeal 10.00 2010.04.12 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4575 2010.04.12 -
DrWeb 5.0.2.03300 2010.04.12 -
eSafe 7.0.17.0 2010.04.11 -
eTrust-Vet 35.2.7420 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.12 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.12 -
Ikarus T3.1.1.80.0 2010.04.12 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 -
Microsoft 1.5605 2010.04.12 -
NOD32 5020 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.43.00.04 2010.04.12 -
Sophos 4.52.0 2010.04.12 -
Sunbelt 6166 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.12 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -
weitere Informationen
File size: 134 bytes
MD5...: 981e00043c35548945a20bd4bf07e39f
SHA1..: e53f65b3812e9f8ba2bf276d8f6c6978a5556826
SHA256: 21aca2eef6234a7a579f2153b47308606123580b818cb148fadf2ca94ee1039e
ssdeep: 3:cl2UoSUC7qA2akQ5OlPIqGqw7rYlyIWc6igpCusJ7BdhBn:eoQT5OwTrHIWc6F
Cus1rhBn
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!

Ich wollte den Link haben. Bitte lad die Datei mal bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html

Hab mal versucht antivir 10 zu installieren schmiert aber jedes mal ab ( Blue screen)
Was soll ich noch machen?

Hab den Link geschickt.

Mach nen Durchgang mit CF, das nimmt uns Arbeit ab:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ComboFix 10-04-11.06 - Scheid 12.04.2010 16:20:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1783 [GMT 2:00]
ausgeführt von:: C:\Users\Scheid\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\hpe13BE.dll
C:\Users\Scheid\FAVORI~1\_favdata.dat
C:\Users\Scheid\Favorites\_favdata.dat
C:\Windows\_VOIDcdsmyprbqw
C:\Windows\system32\_VOIDbloxiigpuh.dll
C:\Windows\system32\_VOIDbpwfvinixo.dll
C:\Windows\system32\_VOIDhwqmnmpdep.dat
C:\Windows\system32\_VOIDiwtutmsxir.dll
C:\Windows\system32\_VOIDnjbjuijtqx.dat
C:\Windows\system32\_VOIDnosnqbvqrf.dat
C:\Windows\system32\_VOIDqciecxyaqp.dat
C:\Windows\system32\_VOIDrckcnvpnop.dat
C:\Windows\system32\_VOIDtjpwgqfdkj.dll
C:\Windows\system32\_VOIDtlmwprnbdk.dll
C:\Windows\system32\_VOIDxdahsddqbu.dll
C:\Windows\system32\SHELLLNK.TLB

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy__VOIDCDSMYPRBQW
-------\Legacy__VOIDd.sys
-------\Service__VOIDcdsmyprbqw
-------\Service__VOIDd.sys


((((((((((((((((((((((( Dateien erstellt von 2010-03-12 bis 2010-04-12 ))))))))))))))))))))))))))))))
.

2010-04-12 14:26:48 . 2010-04-12 14:26:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-04-12 14:26:47 . 2010-04-12 14:29:50 -------- d-----w- C:\Users\Scheid\AppData\Local\temp
2010-04-12 13:41:50 . 2010-04-12 13:41:53 -------- d-----w- C:\sh4ldr
2010-04-12 13:41:50 . 2010-04-12 13:41:50 -------- d-----w- C:\Program Files\Enigma Software Group
2010-04-12 13:40:21 . 2010-04-12 13:41:56 -------- d-----w- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-12 07:48:09 . 2010-03-29 13:24:58 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-04-12 07:48:07 . 2010-03-29 13:24:46 20824 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-04-12 07:46:25 . 2010-03-10 09:36:36 217032 ----a-w- C:\Windows\system32\drivers\PCTCore.sys
2010-04-12 07:46:25 . 2009-11-23 11:54:20 88040 ----a-w- C:\Windows\system32\drivers\PCTAppEvent.sys
2010-04-12 07:46:20 . 2010-02-05 07:25:38 70408 ----a-w- C:\Windows\system32\drivers\pctplsg.sys
2010-04-12 07:46:15 . 2010-04-12 07:46:24 -------- d-----w- C:\Program Files\Spyware Doctor
2010-04-12 07:46:15 . 2010-04-12 07:46:21 -------- d-----w- C:\Program Files\Common Files\PC Tools
2010-04-12 07:46:15 . 2010-04-12 07:46:15 -------- d-----w- C:\Users\Scheid\AppData\Roaming\PC Tools
2010-04-12 07:46:15 . 2010-04-12 07:46:15 -------- d-----w- C:\ProgramData\PC Tools
2010-04-12 07:26:57 . 2010-03-01 07:05:19 124784 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-04-12 07:26:57 . 2010-02-16 11:24:01 60936 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-04-12 07:26:57 . 2009-05-11 09:49:28 51992 ----a-w- C:\Windows\system32\drivers\avgntdd.sys
2010-04-12 07:26:57 . 2009-05-11 09:49:28 17016 ----a-w- C:\Windows\system32\drivers\avgntmgr.sys
2010-04-12 07:26:53 . 2010-04-12 07:26:53 -------- d-----w- C:\ProgramData\Avira
2010-04-12 07:26:53 . 2010-04-12 07:26:53 -------- d-----w- C:\Program Files\Avira
2010-04-12 07:24:43 . 2010-04-12 07:24:45 -------- d-----w- C:\Program Files\CCleaner
2010-04-09 07:07:17 . 2010-04-09 07:08:14 -------- d-----w- C:\Program Files\trend micro
2010-04-09 07:07:15 . 2010-04-09 07:08:16 -------- d-----w- C:\rsit
2010-04-08 14:03:44 . 2010-04-08 14:03:44 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Malwarebytes
2010-04-08 14:01:35 . 2010-04-08 14:01:35 -------- d-----w- C:\ProgramData\Malwarebytes
2010-04-08 13:57:27 . 2010-04-12 07:54:36 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-08 13:45:27 . 2010-04-08 13:45:27 -------- dc-h--w- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-08 13:44:36 . 2010-04-08 13:45:32 -------- d-----w- C:\Program Files\Lavasoft
2010-04-08 13:44:36 . 2010-04-08 13:44:36 -------- d-----w- C:\ProgramData\Lavasoft
2010-04-08 12:58:00 . 2010-04-08 12:58:00 -------- d-----w- C:\Program Files\Common Files\Windows Live
2010-04-08 12:49:55 . 2010-04-09 08:20:13 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Your Protection
2010-04-08 07:58:16 . 2010-04-08 07:58:16 -------- d-----w- C:\ProgramData\eSellerate
2010-04-06 07:11:14 . 2010-02-12 10:32:56 293376 ----a-w- C:\Windows\system32\browserchoice.exe
2010-03-26 16:56:06 . 2010-03-26 16:56:18 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft
2010-03-26 16:56:06 . 2010-03-26 16:56:13 -------- d-----w- C:\Program Files\DVDVideoSoft
2010-03-23 09:05:27 . 2010-03-23 09:05:27 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Nero
2010-03-17 13:29:50 . 2010-03-17 16:50:35 -------- d-----w- C:\Users\Scheid\AppData\Local\S2
2010-03-17 13:25:43 . 2005-05-26 14:34:52 2297552 ----a-w- C:\Windows\system32\d3dx9_26.dll
2010-03-17 13:23:48 . 2010-03-17 13:23:48 -------- d-----w- C:\Program Files\Ubisoft
2010-03-15 07:59:28 . 2010-03-15 07:59:28 12464 ----a-w- C:\Windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 14:28:31 . 2009-12-18 10:42:17 -------- d-----w- C:\Program Files\Norman
2010-04-12 13:55:21 . 2009-12-12 22:22:58 644304 ----a-w- C:\Windows\system32\perfh007.dat
2010-04-12 13:55:21 . 2009-12-12 22:22:58 132540 ----a-w- C:\Windows\system32\perfc007.dat
2010-04-12 13:48:41 . 2009-12-12 14:43:11 -------- d-----w- C:\ProgramData\avg9
2010-04-12 13:41:54 . 2010-04-12 13:41:54 110080 ----a-r- C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-04-12 13:41:54 . 2010-04-12 13:41:54 110080 ----a-r- C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-04-12 13:40:13 . 2009-12-12 17:25:38 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-09 14:06:55 . 2009-12-12 19:39:41 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-04-08 13:07:30 . 2009-12-12 14:43:17 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2010-04-08 12:59:20 . 2010-04-08 12:59:20 53248 ----a-w- C:\Users\Scheid\AppData\Roaming\Your Protection\Uninstall.exe
2010-04-08 12:59:20 . 2010-04-08 12:59:20 40960 ----a-w- C:\Users\Scheid\AppData\Roaming\Your Protection\urpext.dll
2010-04-08 12:59:20 . 2010-04-08 12:59:20 21504 ----a-w- C:\Users\Scheid\AppData\Roaming\Your Protection\urphook.dll
2010-04-08 07:59:01 . 2010-04-08 07:58:16 134 ---ha-w- C:\Users\Scheid\AppData\Roaming\lakerda1967.sys
2010-04-08 07:59:01 . 2010-04-08 07:58:16 134 ---ha-w- C:\Users\Scheid\AppData\Roaming\lakerda1967.sys
2010-04-08 07:58:16 . 2010-04-08 07:58:16 360580 ----a-w- C:\ProgramData\eSellerate\eSellerateEngine.dll
2010-04-08 07:58:16 . 2010-04-08 07:58:16 279172 ----a-w- C:\ProgramData\eSellerate\eWebClient.dll
2010-04-07 09:47:43 . 2010-01-19 15:27:17 -------- d-----w- C:\Program Files\medilogic
2010-03-15 07:59:30 . 2009-12-12 14:43:24 242696 ----a-w- C:\Windows\system32\drivers\avgtdix.sys
2010-03-15 07:59:28 . 2009-12-12 14:43:20 29512 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2010-03-15 07:59:11 . 2009-12-12 14:43:21 216200 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2010-03-11 08:19:09 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-03-11 08:03:59 . 2010-02-05 16:14:39 -------- d-----w- C:\ProgramData\Microsoft Help
2010-03-01 12:58:32 . 2009-12-12 13:36:17 105824 ----a-w- C:\Users\Scheid\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 11:23:28 . 2010-02-26 15:29:10 -------- d-----w- C:\Program Files\Microsoft Works
2010-03-01 11:03:17 . 2010-03-01 11:03:17 -------- d-----w- C:\Users\Scheid\AppData\Roaming\SunODFPluginforMicrosoftOffice
2010-03-01 10:51:55 . 2010-03-01 10:51:55 -------- d-----w- C:\Program Files\Sun
2010-03-01 10:45:20 . 2010-03-01 10:45:20 -------- d-----w- C:\Users\Scheid\AppData\Roaming\Softplicity
2010-03-01 09:53:45 . 2010-02-16 15:05:43 -------- d-----w- C:\Program Files\OpenOffice.org 3
2010-02-26 16:14:56 . 2010-02-16 15:15:46 1 ----a-w- C:\Users\Scheid\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-26 15:28:39 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\MSBuild
2010-02-26 15:27:19 . 2010-02-26 15:27:19 -------- d-----w- C:\Program Files\Microsoft.NET
2010-02-26 15:23:22 . 2010-02-26 15:23:21 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2010-02-25 16:14:21 . 2010-02-25 16:14:21 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-23 06:39:13 . 2010-04-01 06:59:54 916480 ----a-w- C:\Windows\system32\wininet.dll
2010-02-23 06:33:45 . 2010-04-01 06:59:53 71680 ----a-w- C:\Windows\system32\iesetup.dll
2010-02-23 06:33:45 . 2010-04-01 06:59:53 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2010-02-23 04:55:36 . 2010-04-01 06:59:53 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2010-02-22 15:56:58 . 2010-02-22 15:56:58 -------- d-----w- C:\ProgramData\WindowsSearch
2010-02-22 09:39:37 . 2010-02-22 09:39:34 -------- d-----w- C:\Program Files\OpenTTD
2010-02-22 09:37:24 . 2010-02-22 09:37:05 -------- d-----w- C:\ProgramData\WinZip
2010-02-20 23:06:41 . 2010-03-11 08:00:15 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2010-02-20 23:05:14 . 2010-03-11 08:00:14 30720 ----a-w- C:\Windows\system32\httpapi.dll
2010-02-20 20:53:34 . 2010-03-11 08:00:14 411648 ----a-w- C:\Windows\system32\drivers\http.sys
2010-02-16 15:24:12 . 2010-01-15 14:59:32 -------- d-----w- C:\Users\Scheid\AppData\Roaming\SoftGrid Client
2010-02-16 15:15:42 . 2010-02-16 15:15:42 -------- d-----w- C:\Users\Scheid\AppData\Roaming\OpenOffice.org
2010-02-16 15:05:26 . 2010-02-16 15:05:26 -------- d-----w- C:\Program Files\Common Files\Java
2010-02-16 15:04:48 . 2010-02-16 15:05:09 411368 ----a-w- C:\Windows\system32\deploytk.dll
2010-02-16 15:04:45 . 2010-02-16 15:04:45 -------- d-----w- C:\Program Files\Java
2010-02-12 13:21:34 . 2010-02-12 13:21:34 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-12 13:20:26 . 2010-02-12 13:20:26 -------- d-----w- C:\ProgramData\Avanquest Bluetooth SDK
2010-02-12 13:20:10 . 2010-02-12 13:20:10 -------- d-----w- C:\ProgramData\BVRP Software
2010-02-12 13:16:39 . 2010-02-12 13:16:39 -------- d-----w- C:\ProgramData\Sony Ericsson
2010-02-12 13:16:39 . 2010-02-12 13:16:39 -------- d-----w- C:\Program Files\Sony Ericsson
2010-02-12 13:16:39 . 2009-12-12 14:06:54 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-04 15:53:47 . 2010-04-08 13:45:27 2954656 -c--a-w- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-01-26 10:32:53 . 2010-02-09 08:12:37 2739773 -c--a-w- C:\ProgramData\{B8D53BEA-6377-4E04-8901-F6960C01E454}\Firefox-3.6-GMX-Edition.exe
2010-01-25 12:00:35 . 2010-02-24 08:01:17 471552 ----a-w- C:\Windows\system32\secproc_isv.dll
2010-01-25 12:00:35 . 2010-02-24 08:01:11 152576 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 . 2010-02-24 08:01:11 152064 ----a-w- C:\Windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 . 2010-02-24 08:01:16 471552 ----a-w- C:\Windows\system32\secproc.dll
2010-01-25 11:58:52 . 2010-02-24 08:01:11 332288 ----a-w- C:\Windows\system32\msdrm.dll
2010-01-25 08:21:20 . 2010-02-24 08:01:12 526336 ----a-w- C:\Windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 . 2010-02-24 08:01:11 346624 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 . 2010-02-24 08:01:11 518144 ----a-w- C:\Windows\system32\RMActivate.exe
2010-01-25 08:21:18 . 2010-02-24 08:01:11 347136 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 . 2010-02-24 08:01:31 2048 ----a-w- C:\Windows\system32\tzres.dll
2010-01-19 15:26:06 . 2010-01-19 15:26:06 74752 ----a-w- C:\Windows\ST6UNST.EXE
2010-01-14 08:09:51 . 2010-01-06 10:29:10 73728 ----a-w- C:\ProgramData\T-Home\MeineSoftware\updater\nfs.corestorage.dll
2010-01-14 08:09:51 . 2010-01-06 10:29:09 171152 ----a-w- C:\ProgramData\T-Home\MeineSoftware\updater\meinesoftwareupdate.exe
2008-10-31 07:59:52 . 2008-10-31 07:59:52 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 12:01:54 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01:54 1230080 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 12:01:54 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 12:01:54 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2009-04-10 22:28:04 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 12:37:58 174872]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 14:21:52 246504]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 23:57:28 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 13:57:56 948672]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2010-03-09 07:40:26 1286608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Scheid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=C:\Users\Scheid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3170 Scan2PC]
2009-06-11 23:10:18 503808 ----a-w- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57:56 948672 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57:28 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17:14 3342336 ----a-w- C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX Update]
2009-10-16 13:16:35 2229632 ----a-w- C:\Program Files\GMX\LiveUpdate\m2LUTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
2009-10-07 12:39:07 189824 ----a-w- C:\Program Files\Norman\Npm\Bin\Zlh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPCTray]
2009-10-07 13:16:43 128328 ----a-w- C:\Program Files\Norman\Npc\Bin\npc_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-12-09 14:49:38 606208 ----a-w- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17:12 434176 ----a-w- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,29,8a,c7,52,7b,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 07:28:01 135336]
R2 OsdService;OsdService;C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 16:01:50 53248]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 15:48:00 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15:48:00 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 15:48:00 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 15:48:00 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 15:48:00 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 15:48:00 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 15:48:00 109864]
R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;C:\Windows\system32\DRIVERS\SCR3XX2K.sys [2006-11-07 03:35:00 47488]
R3 STC2DFU;STCII DFU Adapter;C:\Windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 23:04:00 7796]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2009-02-05 17:38:24 212520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\Drivers\avgldx86.sys [2010-03-15 07:59:11 216200]
S1 AvgTdiX;AVG Free Network Redirector;C:\Windows\System32\Drivers\avgtdix.sys [2010-03-15 07:59:30 242696]
S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-07 14:01:32 25032]
S1 NPROSEC;Norman Security driver;C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2009-10-07 14:02:26 56136]
S2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-15 07:59:12 916760]
S2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-15 07:59:15 308064]
S2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2009-10-13 10:24:28 24168]
S2 NPROSECSVC;Norman Security service;C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 13:02:03 124232]
S2 NVOY;Norman Resource Provider;C:\Program Files\Norman\npm\bin\nvoy.exe [2009-10-07 13:04:02 128328]
S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 10:23:26 90112]
S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2007-08-13 19:51:12 5120]
S3 CEBFilter;CEBFilter;C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 15:20:00 5120]
S3 CEIO;CEIO;C:\Program Files\C&E\OSD\OsdService\ceio.sys [2007-08-31 15:18:06 4608]
S3 cKBFilter;cKBFilter;C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 13:22:26 7168]
S3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 12:38:30 46592]
S3 NPC;Norman Parental Control;C:\Program Files\Norman\npc\bin\npcsvc32.exe [2009-10-07 13:16:27 419200]
S3 nsesvc;Norman Scanner Engine Service;C:\Program Files\Norman\Nse\bin\NSESVC.EXE [2009-11-23 13:47:18 283976]
S3 NUAA;Norman User Activity Agent;C:\Program Files\Norman\npc\bin\nuaa.exe [2009-10-07 13:54:30 124232]
S3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-10-09 12:06:44 23392]
S3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2009-10-07 12:19:07 197960]
S3 Scheduler;Norman Scheduler Service;C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-10-07 13:59:27 132424]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-04-12 C:\Windows\Tasks\PCCT - MAGIX AG.job
- C:\PROGRA~1\MAGIX\PC_CHE~1\MxTray.exe [2009-12-12 18:17:18 . 2010-02-16 11:02:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.gmx.net
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - C:\Program Files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
LSP: C:\Program Files\Norman\npc\bin\nlf.dll
FF - ProfilePath - C:\Users\Scheid\AppData\Roaming\Mozilla\Firefox\Profiles\9tar9nvm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmx.net
FF - prefs.js: keyword.URL - hxxp://go.gmx.net/suchbox/gmxsuche?su=
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(GMX)");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

Ähm, das Log ist nicht vollständig! Bitte komplett nachreichen!!


Du kannst aber schonmal das hier machen:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code: Alles auswählenAufklappen

ATTFilter

Folders to delete:
C:\sh4ldr
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP

Files to delete:
C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
C:\Users\Scheid\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
C:\Users\Scheid\AppData\Roaming\lakerda1967.sys
         

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken

Doch das ist alle was in der Combofix.txt drin ist.
Den Rest probiere ich jetzt aus.

Wirklich nichts übersehen?
Das Log hört irgendwie so abrupt auf!