24.07.2010, 21:43   #31
/// Selecta Jahrusso
GData reports a Trojan (ntuser_mssex.exe)

Any problems left?

Please start OTL.exe.
Under Extra Registry, select Use SafeList and click the Scan button.
Regards, Daniel

Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


26.07.2010, 10:11   #32

...Computer is running flawlessly....

Here is OTL.txt:

OTL Logfile:
OTL logfile created on: 26.07.2010 10:32:49 - Run 6
OTL by OldTimer - Version     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 30,68 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,32 Gb Free Space | 63,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 496,32 Mb Total Space | 423,37 Mb Free Space | 85,30% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ******
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVK.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Razer\DeathAdder\razertra.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AVKService) -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G DATA Software AG)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DAdderFltr) -- C:\Windows\System32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vanderpluim.de/vanderpluim/Start.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 95 0F 3D 99 ED C9 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.vanderpluim.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.07.17 17:41:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 11:19:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 11:19:40 | 000,000,000 | ---D | M]
[2009.03.27 20:55:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.07.23 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\i65olv0h.default\extensions
[2010.06.27 10:58:36 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\i65olv0h.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.06.27 10:58:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\i65olv0h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.19 16:50:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\i65olv0h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.19 16:50:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\i65olv0h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.04 18:06:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\i65olv0h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.06.15 10:50:04 | 000,001,632 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\i65olv0h.default\searchplugins\live-search.xml
[2010.07.23 16:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.21 14:42:13 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.06.27 10:40:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.27 10:40:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.27 10:40:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.27 10:40:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.27 10:40:54 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.07.21 09:33:51 | 000,411,385 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts:	www.007guard.com
O1 - Hosts:	007guard.com
O1 - Hosts:	008i.com
O1 - Hosts:	www.008k.com
O1 - Hosts:	008k.com
O1 - Hosts:	www.00hq.com
O1 - Hosts:	00hq.com
O1 - Hosts:	010402.com
O1 - Hosts:	www.032439.com
O1 - Hosts:	032439.com
O1 - Hosts:	www.0scan.com
O1 - Hosts:	0scan.com
O1 - Hosts:	1000gratisproben.com
O1 - Hosts:	www.1000gratisproben.com
O1 - Hosts:	1001namen.com
O1 - Hosts:	www.1001namen.com
O1 - Hosts:	100888290cs.com
O1 - Hosts:	www.100888290cs.com
O1 - Hosts:	www.100sexlinks.com
O1 - Hosts:	100sexlinks.com
O1 - Hosts:	10sek.com
O1 - Hosts:	www.10sek.com
O1 - Hosts:	www.1-2005-search.com
O1 - Hosts:	1-2005-search.com
O1 - Hosts: 14242 more lines...
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.rkish.de/XTSAC.cab (XTSAC Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/3101/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.19 17:36:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.19 09:21:05 | 000,000,000 | -H-D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.07.19 09:19:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.07.19 09:19:23 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.07.19 09:19:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.07.19 09:19:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.07.19 09:19:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.07.19 09:19:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.07.19 09:19:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.07.19 09:19:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.07.19 09:19:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.07.19 09:19:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.07.19 09:19:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.07.19 09:19:19 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.07.19 09:19:19 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.07.19 09:19:19 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.07.19 09:19:19 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.07.19 09:19:19 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.07.18 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2010.07.18 21:58:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.07.18 21:38:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.07.18 21:38:08 | 000,212,480 | -H-- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.18 21:33:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010.07.18 16:33:48 | 000,000,000 | -H-D | C] -- C:\Windows\temp
[2010.07.18 15:10:21 | 000,000,000 | ---D | C] -- C:\iwas
[2010.07.18 14:08:18 | 000,161,792 | -H-- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.18 14:08:18 | 000,136,704 | -H-- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.18 14:08:18 | 000,031,232 | -H-- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.18 14:08:15 | 000,000,000 | -H-D | C] -- C:\Windows\ERDNT
[2010.07.18 14:07:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.16 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2010.07.16 19:20:02 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.16 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.16 19:19:57 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.16 19:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 Days ==========
[2010.07.26 10:31:45 | 006,291,456 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2010.07.26 10:29:19 | 000,080,991 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.26 10:29:17 | 000,080,991 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.26 10:27:53 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.26 10:27:53 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.26 10:27:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.26 10:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.26 10:27:46 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 17:01:43 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.23 17:01:43 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.23 17:01:38 | 002,732,248 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010.07.22 14:48:09 | 000,222,874 | ---- | M] () -- C:\Users\Admin\Desktop\fehler.jpg
[2010.07.21 09:33:51 | 000,411,385 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.19 00:43:05 | 001,503,716 | -H-- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.19 00:43:05 | 000,642,482 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.19 00:43:05 | 000,607,470 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.19 00:43:05 | 000,131,828 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.19 00:43:05 | 000,108,742 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.18 21:58:51 | 000,000,027 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100721-093351.backup
[2010.07.18 21:35:43 | 003,737,904 | R--- | M] () -- C:\Users\Admin\Desktop\ComboFix.exe
[2010.07.18 21:33:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010.07.17 18:26:54 | 255,007,374 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.16 19:20:05 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 09:31:47 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
========== Files Created - No Company Name ==========
[2010.07.22 14:48:09 | 000,222,874 | ---- | C] () -- C:\Users\Admin\Desktop\fehler.jpg
[2010.07.19 09:19:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.07.19 09:19:20 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.07.19 09:19:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.07.18 21:35:40 | 003,737,904 | R--- | C] () -- C:\Users\Admin\Desktop\ComboFix.exe
[2010.07.18 14:08:18 | 000,256,512 | -H-- | C] () -- C:\Windows\PEV.exe
[2010.07.18 14:08:18 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2010.07.18 14:08:18 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2010.07.18 14:08:18 | 000,077,312 | -H-- | C] () -- C:\Windows\MBR.exe
[2010.07.18 14:08:18 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010.07.16 19:20:05 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.05 15:06:51 | 000,000,057 | -H-- | C] () -- C:\Windows\lifescan04.ini
[2010.01.30 10:51:44 | 000,007,680 | -H-- | C] () -- C:\Windows\System32\CNMVS6d.DLL
[2009.11.17 12:08:34 | 000,197,424 | -H-- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.08.27 19:13:55 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.08.08 10:50:19 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.08.08 10:50:19 | 000,036,608 | -H-- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.06.13 14:17:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.02 08:02:34 | 000,815,104 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.02 08:02:34 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.19 13:39:34 | 000,000,683 | -H-- | C] () -- C:\Windows\wiso.ini
[2009.05.02 09:46:13 | 000,168,448 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.28 13:48:10 | 000,000,000 | -H-- | C] () -- C:\Windows\OpPrintServer.INI
[2008.10.07 09:13:30 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.25 17:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.03.27 04:42:10 | 000,375,296 | -H-- | C] () -- C:\Windows\System32\tx32.dll
[2007.03.27 04:42:02 | 000,000,202 | -H-- | C] () -- C:\Windows\System32\IC32.INI
[2007.03.18 17:27:28 | 000,000,069 | -H-- | C] () -- C:\Windows\Physiologie.ini
[2007.02.05 20:05:26 | 000,000,038 | -H-- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
--- --- ---


OTL Logfile:
OTL Extras logfile created on: 26.07.2010 10:32:49 - Run 6
OTL by OldTimer - Version     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 30,68 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,32 Gb Free Space | 63,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 496,32 Mb Total Space | 423,37 Mb Free Space | 85,30% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: *****
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
"{29A06E82-3E18-40E0-BA86-C93ACD78B3B2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3CCB1AF3-63CD-43C9-8515-5F8840FAE731}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3EB73681-FA0F-45E1-AC30-BFC6D7FDE2DA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{48B63AB9-E0B7-43D6-ACF0-4F2AF141B4A5}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{6478DBD6-16FA-4BBE-B7A8-F9F71EB241E9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6B0FF199-1123-44D3-B188-CA44579AE949}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A544420-90A9-47BB-9B18-5DB8260CF676}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D8D4292-214F-497A-B255-C33120C8C198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AE1FEC63-FBDC-48C3-8904-9695A0611917}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E8BC12A2-3ED6-4EBC-A35E-0C176532F3D1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F2D13083-309C-41D5-B4DD-CB698AD99CB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
========== Vista Active Application Exception List ==========
"{0C148B59-35B4-43ED-8985-7CA41566DA69}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{18B50D12-EE10-4707-A11E-53C194B6097E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{19823631-E523-4B4A-BAF0-894F9EB483C2}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{1DAB2E14-0D12-4FC7-9579-9550E1E57B2F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{2059AC44-5C2F-44B9-86FF-E5BBFCDFBEB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21EE5D0C-FC68-4897-9715-57E56C86D65C}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{2D1F4F88-00DB-4DB7-B5D8-0E314F65454A}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{339A48FF-E27B-4CA4-86BA-CEBDBF199CC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3516748E-E0FE-44AB-A862-9912BD803D9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3E785085-14A4-4D84-89A9-B9755E9FBD5D}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe | 
"{41432383-4D3C-4E85-989D-0B85A8879365}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{47B051EE-B7FC-46B6-998A-5C5D4582C602}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{6B601DFE-A59D-4971-8958-B0793BFB79FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6B7A426F-5C55-4037-9668-74BC0F412B56}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | 
"{6E4F82CE-DB31-43FA-A259-C64F36857057}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe | 
"{6F583A3B-5CFB-4643-A12D-22260608EA03}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{75C64B8F-89EB-4A0A-A2A1-600CB7C27294}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
"{7A449A63-D79C-4E6A-BB0F-14596697BE6B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7ABE8655-017A-4A5C-8B81-9F8A47B71AEF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{87996FEA-751D-4329-AF09-21A97AB7B80D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{998DC619-6B93-40AE-8425-8D9F25A92CE9}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{A9189066-443A-489F-B567-4FCE17A1F77B}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe | 
"{B8B5B451-7937-42B1-B30F-FFCEB9F03517}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
"{BCAA89CF-F20A-4535-87B2-EF8020899B2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D9FDA152-2C10-49F2-8505-4EB4CE34F014}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{EE856A1F-F661-4435-931F-0C0C971223BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F164B85B-2B64-4496-A930-8FBEC95526FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F635F48E-8528-4118-B8AA-DED48C19CC2A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59ACA3F1-AA6C-40BD-942E-BEED6E3EE298}_is1" = NutriGourmet 1.0
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Essentials
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ashampoo PowerUp 2009_is1" = Ashampoo PowerUp 2009
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex extraction audio
"ContMedia Lexikon 2007 - Physiologie" = Lexikon 2007 - Physiologie
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Guild Wars" = GUILD WARS
"Herb-CD" = Herb-CD
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 7.0
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMBackup - Windows Mail Backup_is1" = WMBackup 0.99.15
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zattoo" = Zattoo 3.3.3 Beta
========== HKEY_CURRENT_USER Uninstall List ==========
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.07.2010 06:35:08 | Computer Name = VanDerPluim | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version, Zeitstempel
 0x4c1d77af, fehlerhaftes Modul Updater.api_unloaded, Version, Zeitstempel
 0x4c1d65ab, Ausnahmecode 0xc0000005, Fehleroffset 0x70adda0f,  Prozess-ID 0x1740,
 Anwendungsstartzeit 01cb2989833b65cd.
Error - 22.07.2010 06:35:10 | Computer Name = VanDerPluim | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version, Zeitstempel
 0x4c1d77af, fehlerhaftes Modul Updater.api_unloaded, Version, Zeitstempel
 0x4c1d65ab, Ausnahmecode 0xc0000005, Fehleroffset 0x70aca386,  Prozess-ID 0x1740,
 Anwendungsstartzeit 01cb2989833b65cd.
Error - 22.07.2010 08:45:58 | Computer Name = VanDerPluim | Source = MsiInstaller | ID = 11316
Description = 
Error - 22.07.2010 08:48:12 | Computer Name = VanDerPluim | Source = MsiInstaller | ID = 11316
Description = 
Error - 22.07.2010 09:00:09 | Computer Name = VanDerPluim | Source = MsiInstaller | ID = 11316
Description = 
Error - 22.07.2010 09:05:28 | Computer Name = VanDerPluim | Source = Perflib | ID = 1010
Description = 
Error - 22.07.2010 09:05:29 | Computer Name = VanDerPluim | Source = Perflib | ID = 1008
Description = 
Error - 22.07.2010 09:53:18 | Computer Name = VanDerPluim | Source = MsiInstaller | ID = 11316
Description = 
Error - 22.07.2010 10:32:38 | Computer Name = VanDerPluim | Source = EventSystem | ID = 4609
Description = 
Error - 23.07.2010 10:52:52 | Computer Name = VanDerPluim | Source = MsiInstaller | ID = 11316
Description = 
[ OSession Events ]
Error - 27.04.2009 11:52:21 | Computer Name = VanDerPluim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 871
 seconds with 660 seconds of active time.  This session ended with a crash.
Error - 06.05.2009 14:10:02 | Computer Name = VanDerPluim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 108
 seconds with 60 seconds of active time.  This session ended with a crash.
Error - 06.11.2009 11:25:38 | Computer Name = VanDerPluim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1937
 seconds with 300 seconds of active time.  This session ended with a crash.
Error - 06.01.2010 13:48:31 | Computer Name = VanDerPluim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6742
 seconds with 1380 seconds of active time.  This session ended with a crash.
Error - 20.05.2010 13:55:42 | Computer Name = VanDerPluim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
Error - 17.06.2010 11:40:22 | Computer Name = VanDerPluim | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 100 seconds with 60 seconds of active time.  This session ended with a crash.
[ System Events ]
Error - 19.07.2010 11:19:32 | Computer Name = VanDerPluim | Source = bowser | ID = 8003
Description = 
Error - 19.07.2010 11:31:32 | Computer Name = VanDerPluim | Source = bowser | ID = 8003
Description = 
Error - 19.07.2010 11:36:33 | Computer Name = VanDerPluim | Source = Service Control Manager | ID = 7034
Description = 
Error - 19.07.2010 11:41:28 | Computer Name = VanDerPluim | Source = DCOM | ID = 10010
Description = 
Error - 19.07.2010 11:42:39 | Computer Name = VanDerPluim | Source = Service Control Manager | ID = 7011
Description = 
Error - 19.07.2010 11:44:10 | Computer Name = VanDerPluim | Source = Service Control Manager | ID = 7034
Description = 
Error - 22.07.2010 10:32:25 | Computer Name = VanDerPluim | Source = Service Control Manager | ID = 7034
Description = 
Error - 22.07.2010 10:32:25 | Computer Name = VanDerPluim | Source = Service Control Manager | ID = 7034
Description = 
Error - 23.07.2010 03:55:00 | Computer Name = VanDerPluim | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.07.2010 um 20:11:19 unerwartet heruntergefahren.
Error - 26.07.2010 04:27:51 | Computer Name = VanDerPluim | Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
< End of report >
--- --- ---

26.07.2010, 10:17   #33
/// Selecta Jahrusso
GData reports a Trojan (ntuser_mssex.exe)

The log file is clean.

Here are the last few steps for cleaning up your computer.

Step 1

Update Java

Your Java version is outdated. Because some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, since the old versions are a security risk. Download JavaRa from prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Select the language: choose English and click "Select".
  • Click Additional Tasks, then tick Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go, confirm each prompt with OK, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove old Java versions that are installed on the computer.
  • Click Yes when asked. When JavaRa has finished, a note appears saying that a log file was created; click OK.
  • The log file opens in Notepad; please save it and post it here later.
  • Check in Control Panel => Programs whether any Java versions are still present and uninstall them.
  • Restart the computer.
Now download Java (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before the download you have to accept the license terms by selecting "Accept License Agreement". Tick the advanced options and deselect the sponsor program (toolbar or similar) if one is offered.

Step 2

Uninstall ComboFix

Before the following action, please temporarily disable your antivirus program, any script blocking and any anti-malware programs again.

Start => Run (on Vista: Windows key + R) => type ComboFix /uninstall there => press Enter. This removes ComboFix completely and empties the System Restore cache, so that the malware disappears from it as well.

Now re-enable the programs you just disabled.

Step 3

Press Windows + E --> right-click drive C --> Properties --> Disk Cleanup --> More Options --> clean up System Restore and Shadow Copies.

Step 4

Tool cleanup

Please start OTL.exe.
Now click the "Bereinigung" (CleanUp) button. This will remove most of the tools and log files.
If anything is still left over, please remove it manually and empty the Recycle Bin.

Step 5

Automatic updates

Let's check whether the updates for Windows are downloaded automatically. That is the best way to get all the security patches and fixes.

Press Windows + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Step 6

To protect you against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the Recycle Bin and much more.
    It also helps to speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.

  • Keep your system up to date
    I cannot stress often enough how important it is that the PC is fully up to date.
    Security vulnerabilities are found often enough in Windows' own applications. These "holes" should be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for this.

  • Keep your software up to date
    The easiest way to do this is the Secunia Online Software.

Step 7

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

For Firefox there is a wide variety of add-ons to get through the WWW safely.
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.

  • AdblockPlus
    This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download bandwidth.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.

  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use any peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails from senders you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
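
The file-extension tip above (deinFoto.jpg.exe), as an added example that is not part of the original post: a check a mail filter or a user script could run over attachment names. It goes slightly beyond the tip by also flagging whitespace padding and Unicode bidirectional control characters; the function name and both extension lists are assumptions chosen for illustration.

```python
import re

# Assumed lists for illustration; extend them for your own mail gateway policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "txt"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI_CONTROLS = "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"


def check_attachment_name(name):
    """Return the list of findings for one attachment file name."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-character")
        name = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # Win32 path handling strips trailing dots and spaces, so normalise first.
    cleaned = name.rstrip(". ")
    parts = [p.strip().lower() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable-extension")
    # A harmless-looking extension before the real one is the classic disguise.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        findings.append("double-extension")
    # Long runs of spaces push the real extension out of the visible column.
    if re.search(r"\s{3,}\.\w+$", cleaned):
        findings.append("whitespace-padding")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread's logs.
    for sample in ["deinFoto.jpg.exe", "deinFoto.jpg", "setup.exe",
                   "report.pdf      .scr", "photo\u202egpj.exe"]:
        print(repr(sample), "->", check_attachment_name(sample) or "ok")
```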

Alt 29.07.2010, 15:49   #34
GData reports a Trojan (ntuser_mssex.exe) - Standard


...so, a big THANK YOU in advance for your time and effort!

I followed all of your steps. There is one more thing: in step 1 I don't get a JavaRa log file. It does tell me that it should be on my hard drive, but I searched the PC afterwards... nothing. But it apparently did everything right, the new Java is on it.

I took your step 6 to heart and have the first 3 programs on the PC.
I always try to keep the system up to date, but since I don't know thaaat much about PCs, it (I guess) doesn't always work.
Windows has always been set to automatic download.
IE is never used, only Mozilla. AdblockPlus was already installed too. WOT is unfortunately not compatible with the newest Mozilla :-(

The PC is running flawlessly as always and I hope I never have to write anything here again ;-)

Thanks again and lots of sunshine

Alt 29.07.2010, 16:02   #35
/// Selecta Jahrusso
GData reports a Trojan (ntuser_mssex.exe) - Standard


I don't need the JavaRa log.
Well, WOT works for me

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please start your own thread.

Regards, Daniel



