Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.04.2011, 21:07   #1
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hallo Experten,

ich habe mir "Windows Recovery" eingefangen und habe zum Glück Euer Posting zur Entfernung hier im Forum gefunden (http://www.trojaner-board.de/96741-w...entfernen.html).

Ich bin so vorgegangen wie Ihr dort beschreibt (Malwarebyte nutzen), habe nur OTHelper nicht ausgeführt, weil nach dem Neustart sich Windows Recovery nicht mehr gemeldet hat. Allerdings war der Bildschirm schwarz, alle Dateien & Verknüpfungen bis auf den Papierkorb weg, ebenso fehlt die Schnellstartleiste.

Nach einen OTL Scan wie von Euch beschrieben (http://www.trojaner-board.de/85104-o...-oldtimer.html) sind zumindest die Dateien und Verknüpfungen wieder auf dem Desktop. Auch schaut mein Benutzerkonto wieder so waus wie früher. Es fehlt weiterhin das Hintergrundbild und alle Dateien und Verknüfungen auf dem Desktop sowie meine Daten in meinem Benutzerkonto erscheinen wie sonst verborgene Daten ("milchig"). Lediglich die Malewareverlinkung auf dem Desktop ist normal. Bei fast allen ist bei Eigenschaften "vrsteckt" aktiviert. Ich habe es testweise bei einigen deaktiviert - manche sehen wieder "normal" aus, manche nicht...

Zum Schluss habe ich eben gesehen, dass noch eine "Windows Recovery" Verküpfung auf dem Desktop habe. Sie ist mit der Dtatei "C:\ProgramData\47374088.exe" verküpft. Diese extisiert sogar noch - aber soweit ich das erkenne nicht als .exe, sondern ohne Endung. Auch sind noch zwei ähnliche Dateien im Folder zu finden: "~47374088" und "~47374088r"

2 Fragen hätte ich:
- Ist mein System wieder "sauber"?
- Was kann ich tun, dass die Daten auf dem Desktop und in meinem KOnto wieder vernünftig aussehen?

Anbei die Logs von Malwarebyte und 2x OTL

Ich bedanke mich schon jetzt ganz herzlich für Eure Hilfe. Bereits die zwei oben zitierten Postings haben verhindert, dass ich einen Herzinfarkt bekommen habe :-)! Ihr macht einen Superjob!

######################
Malwarebyte
######################
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6368

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.04.2011 19:36:09
mbam-log-2011-04-15 (19-36-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425552
Laufzeit: 3 Stunde(n), 23 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XjFfFSETuJNIM (Trojan.Agent) -> Value: XjFfFSETuJNIM -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\xjfffsetujnim.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Local\Temp\wsecxmoanr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Local\Temp\err.log17055667 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Roaming\Adobe\plugs\kb17058912.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Roaming\Adobe\plugs\kb17059114.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\AppData\Roaming\Adobe\plugs\kb17059426.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Office\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


########################
OTL.txt
########################OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.04.2011 20:19:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,97 Gb Total Space | 19,23 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive D: | 110,94 Gb Total Space | 13,48 Gb Free Space | 12,15% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\lxeacoms.exe ( )
PRC - C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Programme\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Programme\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Sitecom\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\ThreatFire\TFWAH.dll (PC Tools)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( )
SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Realtek11nSU) -- C:\Programme\Sitecom\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (emAudio) -- C:\Windows\System32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (DCamUSBEMPIA) -- C:\Windows\System32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\Windows\System32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\Windows\System32\drivers\emScan.sys (eMPIA Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:7.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.02.28 19:44:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 00:12:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 00:12:04 | 000,000,000 | ---D | M]
 
[2008.11.14 19:02:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.04.14 22:31:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions
[2011.03.07 21:38:24 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.07 21:38:25 | 000,000,000 | -H-D | M] (Hyperwords) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2011.03.07 21:38:24 | 000,000,000 | -H-D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\m7az4pnm.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.03.07 21:38:37 | 000,002,884 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\m7az4pnm.default\searchplugins\hyperwords.xml
[2010.06.04 12:40:51 | 000,001,330 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\m7az4pnm.default\searchplugins\wikipedia-en.xml
[2010.12.26 16:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.04 10:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.26 09:04:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.11.17 11:14:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.03 19:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.08 22:58:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.20 20:29:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.26 18:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.01 20:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.06.04 10:12:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.26 09:04:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.02.28 19:44:29 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.14 20:32:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.14 20:32:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.14 20:32:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.14 20:32:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.14 20:32:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.04 20:52:09 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 87.238.137.85 www.fc-bayern.de
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Programme\NeoTrace Express\NTXcontext.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: coupe.de ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.87 62.109.123.6 213.191.92.86
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.13 20:40:48 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\Shell - "" = AutoRun
O33 - MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4667081a-9c8d-11de-8dfe-001dba815c64}\Shell\AutoRun\command - "" = F:\filmstart.bat
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck turegopt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.15 20:17:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.15 15:19:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.04.15 15:19:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:18:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:18:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.15 14:24:02 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.01 20:53:42 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.03.24 21:03:46 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.24 21:03:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.12.04 19:16:09 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2010.12.04 19:10:52 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2010.12.04 19:10:52 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2010.12.04 19:10:52 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2010.12.04 19:10:51 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2010.12.04 19:10:51 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2010.12.04 19:10:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2010.12.04 19:10:51 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2010.12.04 19:10:50 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2010.12.04 19:10:50 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2010.12.04 19:10:49 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2010.12.04 19:10:49 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2010.12.04 19:10:49 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2010.12.04 19:10:48 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
[2 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.15 20:17:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.15 19:57:01 | 000,001,122 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003UA.job
[2011.04.15 19:51:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.15 19:47:41 | 000,702,080 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.15 19:47:41 | 000,648,372 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.15 19:47:41 | 000,155,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.15 19:47:41 | 000,127,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.15 19:41:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.15 19:41:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 19:41:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 19:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.15 15:19:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 15:10:28 | 001,006,778 | -H-- | M] () -- C:\Users\****\Desktop\hallo.exe
[2011.04.15 15:04:56 | 001,006,778 | -H-- | M] () -- C:\Users\****\Desktop\rkill.com
[2011.04.15 14:38:50 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~47374088
[2011.04.15 14:38:49 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~47374088r
[2011.04.15 14:37:31 | 000,000,392 | -H-- | M] () -- C:\ProgramData\47374088
[2011.04.15 14:24:03 | 000,000,583 | -H-- | M] () -- C:\Users\****\Desktop\Windows Recovery.lnk
[2011.04.15 14:10:06 | 000,223,744 | -H-- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 14:09:56 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.04.15 14:09:34 | 000,004,082 | -H-- | M] () -- C:\Users\****\Desktop\1426 Bewerberliste(2).zip
[2011.04.14 20:57:02 | 000,001,070 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003Core.job
[2011.04.11 18:41:58 | 000,042,704 | -H-- | M] () -- C:\Users\****\Desktop\Übung Beispielem.pdf
[2011.03.27 11:45:12 | 000,002,032 | -H-- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2011.03.27 10:04:55 | 000,001,785 | -H-- | M] () -- C:\Users\****\Desktop\Avira DE-Cleaner.lnk
[2011.03.19 15:11:39 | 000,781,275 | -H-- | M] () -- C:\Users\****\ROPO in der Reisebranche - Eine Analyse des Kaufverhaltens in der Touristik.pdf
[2011.03.16 20:56:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.15 15:19:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 15:10:18 | 001,006,778 | -H-- | C] () -- C:\Users\****\Desktop\hallo.exe
[2011.04.15 15:04:40 | 001,006,778 | -H-- | C] () -- C:\Users\****\Desktop\rkill.com
[2011.04.15 14:38:49 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~47374088r
[2011.04.15 14:38:49 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~47374088
[2011.04.15 14:24:03 | 000,000,583 | -H-- | C] () -- C:\Users\****\Desktop\Windows Recovery.lnk
[2011.04.15 14:23:40 | 000,000,392 | -H-- | C] () -- C:\ProgramData\47374088
[2011.04.15 14:09:34 | 000,004,082 | -H-- | C] () -- C:\Users\****\Desktop\1426 Bewerberliste(2).zip
[2011.04.11 18:41:48 | 000,042,704 | -H-- | C] () -- C:\Users\****\Desktop\Übung Beispielem.pdf
[2011.04.01 20:52:34 | 000,001,122 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003UA.job
[2011.04.01 20:52:33 | 000,001,070 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003Core.job
[2011.03.27 10:04:55 | 000,001,785 | -H-- | C] () -- C:\Users\****\Desktop\Avira DE-Cleaner.lnk
[2011.03.19 15:11:39 | 000,781,275 | -H-- | C] () -- C:\Users\****\ROPO in der Reisebranche - Eine Analyse des Kaufverhaltens in der Touristik.pdf
[2010.12.04 19:16:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2010.12.04 19:16:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2010.12.04 19:15:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2010.12.04 19:15:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2010.12.04 19:13:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEAPMON.DLL
[2010.12.04 19:13:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEAFXPU.DLL
[2010.12.04 19:13:01 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEAoem.dll
[2010.12.04 19:11:08 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2010.12.04 19:10:53 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2010.12.04 19:10:50 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2010.12.04 19:10:50 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2010.12.04 19:10:50 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2010.12.04 19:10:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2010.12.04 19:10:49 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2010.12.04 19:10:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2010.12.04 19:10:49 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2010.12.04 19:10:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2010.12.04 19:09:00 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2010.12.04 19:08:59 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2010.06.15 00:15:55 | 000,495,104 | ---- | C] () -- C:\Windows\System32\CBPRED.DLL
[2010.06.15 00:15:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\paradise.dll
[2009.12.09 21:31:19 | 000,025,773 | -H-- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png
[2009.08.19 09:59:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.19 09:59:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.13 20:40:48 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2009.08.13 20:40:48 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2009.08.13 20:40:48 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2009.08.13 20:40:48 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2009.08.13 20:40:48 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2009.01.19 18:02:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.01.07 09:22:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.01.07 09:21:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.12.20 23:32:16 | 000,000,074 | -H-- | C] () -- C:\Windows\tm.ini
[2008.12.03 15:12:25 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll
[2008.12.03 15:12:25 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll
[2008.12.03 15:12:25 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll
[2008.12.03 15:09:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.12.03 15:09:11 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.11.30 22:17:58 | 000,037,376 | ---- | C] () -- C:\Windows\unlite.exe
[2008.11.25 18:05:04 | 000,695,578 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2008.11.25 18:05:04 | 000,001,072 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2008.11.17 13:21:20 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ldf252.dll
[2008.11.17 12:38:31 | 000,230,377 | ---- | C] () -- C:\Windows\System32\XXCOPY16.EXE
[2008.11.15 16:02:07 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.11.15 15:39:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.14 19:23:01 | 000,223,744 | -H-- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.14 19:12:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.14 18:57:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.14 18:15:12 | 000,002,032 | -H-- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2008.08.09 14:10:45 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.07.10 21:07:09 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.07.10 21:07:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008.07.10 21:07:08 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.10 21:07:08 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.07.10 21:07:08 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.07.10 21:07:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.10 21:07:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.07.10 21:07:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.07.10 21:04:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.10 11:22:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.17 10:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.01.21 09:15:58 | 000,702,080 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,155,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,846,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,648,372 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,127,068 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2008.12.20 23:38:32 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\AAV
[2008.12.22 18:41:35 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ACD Systems
[2010.10.17 11:29:50 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Canon
[2010.06.19 23:45:36 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Decisioneering
[2010.07.26 16:31:19 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Esuwg
[2008.12.17 11:52:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2009.10.13 13:03:20 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Free Monitor for Google
[2008.11.17 16:21:34 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\InterVideo
[2009.01.07 09:27:07 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\MAGIX
[2008.11.23 20:44:24 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\myphotobook
[2009.09.23 13:31:57 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2009.09.10 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2009.12.09 21:31:19 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\PeerNetworking
[2009.08.13 21:02:17 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\proDAD
[2010.12.07 21:00:07 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\S300-S400 Series
[2011.04.15 19:38:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
 
< End of report >
         
--- --- ---




##################
Extra.txt
##################OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.04.2011 20:19:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,97 Gb Total Space | 19,23 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive D: | 110,94 Gb Total Space | 13,48 Gb Free Space | 12,15% Space Free | Partition Type: NTFS
 
Computer Name: ****| User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" ()
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01678E37-5E03-4469-A954-C4257FEBAED7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{091CB9E0-F08C-4017-9F2F-740A0E2EE133}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1BA3273B-15F1-409E-AD13-1CF9686E7ECC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3388CA16-8DE7-4A91-8140-95C2D036E316}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{340C600A-EDDF-48DE-85F4-E1C12A1C85CF}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{5175F0C7-75AC-4FD3-BB31-6833C025C9AA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6D9DC392-8865-4182-974B-59A28CFD6FE0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{9D78771D-8DB8-4A06-9331-A98C54CFA63F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A6DA3B37-36FC-4E73-B91B-361D9747EE96}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A8A95C39-7036-42D8-A59B-85C9251D7F1C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AE5EF06A-AB20-4FA7-9BBB-ABEFA6373454}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4DE46BC-C5D2-4521-B691-040756AA74CA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office12\outlook.exe | 
"{B5E8B9E7-5B64-433E-BB93-1D89EB2743DA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C6E19DBB-D9C2-4584-8E51-F7B8EA68F7EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F693DC77-E1CF-4373-9D3C-5A9FEE4D2B2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FFCE21CE-B5F1-4066-9B51-D29619F9672B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A62BA5-95E9-4D47-BF06-941EC0DD7158}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{01465BDA-1B69-4177-BAD0-C740C2E26CA4}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{04D41C17-CA88-4628-BB7D-C179C87EE51B}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{057A1101-883B-4C7D-9C7D-69A0609AB3CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"{0CC80CC5-08EE-497C-A7FC-EA87F4566DC2}" = protocol=17 | dir=in | app=c:\program files\sitecom\11n usb wireless lan utility\rtwlan.exe | 
"{0F220284-5822-4237-9D86-4B39E70C6DA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F2F9491-0ECA-4A91-8C68-28309E6EE6F7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1A2C4BF7-0447-4826-BEC9-C2ECB06779A1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | 
"{2410352A-FD27-4443-B7EE-678AD3A4BB19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2E392F43-002E-46FC-8A15-701EFC6C1D1B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | 
"{4140F0F7-F971-4F3C-9968-D8574B8FD836}" = protocol=6 | dir=in | app=c:\program files\sitecom\11n usb wireless lan utility\rtwlan.exe | 
"{52B03D4D-8903-4398-85C3-7F8271C98314}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5444C2D1-4FD1-4166-902F-B30FB581C9CA}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{5693A02F-FA62-4D8F-BACB-8C62921396E5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5A034AA3-F31D-437A-917D-E9A7F4937C93}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5CFA07B2-5F8B-47E0-99DC-D5E17DEBA524}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | 
"{6421A2FD-73E2-47E7-B951-75C5D980EED0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"{65589103-7E29-45CF-AE57-68CC1396BFFB}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{7007E052-88C1-4E42-846A-3840558E2195}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{729BECCB-E36E-4C79-ADD4-68A9A5BDCA4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"{746F36C3-51B6-478E-8438-A19E32F81B28}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe | 
"{7BF09761-E1B0-468E-80DA-0571AE4AF668}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{7D9A6BC2-7304-4EBD-82B3-8A44615BF353}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"{84669E1F-E2E2-4F35-A2C2-93EC33A8F394}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8A6BF6F2-79B3-46C1-BB6C-0F22A2F54405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A1FFFA66-3DCC-4213-99A0-CE38874F48E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A2FAD5CF-9132-4274-9F41-9898BA1D5182}" = protocol=6 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe | 
"{A7524271-521A-4F3F-9F4C-134DF79E34D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B64C1020-0F62-485C-971B-65EAA3184979}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{BE79C0D1-B39B-4DC0-A3B0-C0FBAC4AF29E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CB2CDB19-9FB5-4E36-A881-40A70F0DEC05}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE800600-3892-4BD9-9965-0AA29191F4FC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | 
"{D059E94B-4C8B-4F00-A31F-92502BAA66E4}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | 
"{D0EC33B8-442D-42B2-941B-1F5F10191171}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{D55F1F0D-EAC7-47C5-80D9-815132DD5BC3}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | 
"{D72C9EFB-7740-4D86-88A1-6C9E22D272B8}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"{DF93EF1C-5C0B-47D1-BA5A-0ADC506D4EA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E2520143-362F-4838-AD3E-188188DF9C9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office12\onenote.exe | 
"TCP Query User{2792FE20-B3A4-43C8-A823-A91A59581380}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{313EE17F-C5D3-4EF3-B26E-B091F45D0EF1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{7A0CE97F-5175-47CB-9151-903CEF20A878}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{99C6A051-A0F8-4E19-A7D3-8542F1C3BF78}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B0525753-A312-40FD-8069-2A6E52C7CD1C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{E02AD014-287F-4C93-8715-22EA4F254C43}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | 
"TCP Query User{F60C2386-7D59-4B87-9CE0-6F585B78D7AD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{FF3E360F-84D5-4B6B-BA83-AC80A208578E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{079AF0F3-D1A9-40C1-BC89-7DE95AA7EEBA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{12C275AE-E819-4D5B-AF9D-0159B93CC431}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1A1580D3-4192-4FE2-AF32-E7F2E51998DA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{1BCA717A-804D-453C-AD0C-3F19A8ABDCA0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{6B36687E-A96B-45D2-A4E5-D8EC8168D20A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{848A8198-9161-43B6-A6D9-4CDC354C92D3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{88325290-C5BB-40BC-8A59-CCA40937A6E9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B1E5D579-A84B-4117-A716-DBA9FC04E569}C:\program files\spssinc\paswstatistics17\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\paswstatistics17\paswstat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0E286BDA-8683-409E-A684-C75FEB1B1965}" = Crystal Ball 7
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}" = PASW Statistics 17.0
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C4F56A2-03D5-441B-B911-EC2604622D58}" = FormsForWeb® Filler
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903A0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99A89BD2-21DF-43EB-9024-9A4040F167F5}" = SPSS 16.0 für Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 11n USB Wireless LAN Driver and Utility
"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DDC2B636-4F9F-4241-9B15-4DF12C97CF4A}" = Studio 11
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E58A0BB1-1FA1-40DC-AFA4-2C86D0A3B879}" = locr GPS Photo
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ACDSee" = ACDSee
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crystal Ball 2000" = Crystal Ball 2000
"dt icon module" = 
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.1.3.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"gtfirstboot Setting Request" = 
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"JDownloader" = JDownloader
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Lynx Web Browser_is1" = Lynx 2.8.5rel.1
"MAGIX Video deluxe silver - BILD.de D" = MAGIX Video deluxe silver - BILD.de 8.0.2.7 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MOOS Project Viewer" = MOOS Project Viewer
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.6
"NeoTrace Express 3.25" = NeoTrace Express 3.25
"Pixelspeed_Layouter" = Pixelspeed Layouter 
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI
"ShadowExplorer_is1" = ShadowExplorer 0.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle Lite (Version 1.5)" = TopStyle Lite (Version 1.5)
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XXConsole" = XXConsole: Super Console Generator ver 0.93
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2010 14:03:19 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.10.2010 14:03:19 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6365
 
Error - 09.10.2010 14:03:19 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6365
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 896: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 900: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 916: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 912: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:00:07 | Computer Name = ****| Source = Bonjour Service | ID = 100
Description = 908: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 10.10.2010 07:06:29 | Computer Name = ****| Source = MsiInstaller | ID = 11310
Description = 
 
Error - 10.10.2010 07:11:52 | Computer Name = ****| Source = MsiInstaller | ID = 11310
Description = 
 
[ OSession Events ]
Error - 28.11.2010 08:34:58 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1733
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 28.11.2010 08:35:19 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 30.11.2010 19:21:20 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12908
seconds with 2700 seconds of active time. This session ended with a crash.
 
Error - 02.12.2010 06:17:31 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 16.01.2011 07:58:09 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3469
seconds with 60 seconds of active time. This session ended with a crash.
 
Error - 09.02.2011 19:10:07 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 21.02.2011 18:00:15 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
 
Error - 23.02.2011 17:43:16 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
seconds with 60 seconds of active time. This session ended with a crash.
 
Error - 07.03.2011 04:36:13 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 66871 seconds with 8160 seconds of active time. This session ended with 
a crash.
 
Error - 28.03.2011 13:24:26 | Computer Name = ****| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 70
seconds with 0 seconds of active time. This session ended with a crash.
 
[ System Events ]
Error - 15.04.2011 13:38:01 | Computer Name = ****| Source = DCOM | ID = 10010
Description = 
 
Error - 15.04.2011 13:40:58 | Computer Name = ****| Source = Microsoft-Windows-Eventlog | ID = 22
Description = 
 
Error - 15.04.2011 13:41:49 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2011 13:41:49 | Computer Name = ****| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2011 13:41:49 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2011 14:31:31 | Computer Name = ****| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2011 14:31:31 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2011 14:31:33 | Computer Name = ****| Source = DCOM | ID = 10005
Description = 
 
Error - 15.04.2011 14:31:33 | Computer Name = ****| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2011 14:31:33 | Computer Name = ****| Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 15.04.2011, 21:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 15.04.2011, 21:49   #3
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hallo Arne,

das war das einzige (siehe Bild). Soll ich noch einen Lauf machen?


Gruß
Aloha
__________________
Miniaturansicht angehängter Grafiken
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL-screen.jpg  

Alt 16.04.2011, 11:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
[2011.04.15 14:38:49 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~47374088r
[2011.04.15 14:38:49 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~47374088
[2011.04.15 14:24:03 | 000,000,583 | -H-- | C] () -- C:\Users\****\Desktop\Windows Recovery.lnk
[2011.04.15 14:23:40 | 000,000,392 | -H-- | C] () -- C:\ProgramData\47374088
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.13 20:40:48 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\Shell - "" = AutoRun
O33 - MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4667081a-9c8d-11de-8dfe-001dba815c64}\Shell\AutoRun\command - "" = F:\filmstart.bat
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.04.2011, 17:12   #5
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hallo Arne,
Hier das log des OTL Fixes. Wieder "alles gut"?

Nochmals meinen allergrößten Respekt vor Euch! Super Hilfe und alles in Euerer Freizeit. Da ist eine Spende das mindeste...

Gruß Aloha

OTL Logfile:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
C:\ProgramData\~47374088r moved successfully.
C:\ProgramData\~47374088 moved successfully.
File C:\Users\****\Desktop\Windows Recovery.lnk not found.
C:\ProgramData\47374088 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eac02ea-a9b5-11de-8710-001dba815c64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eac02ea-a9b5-11de-8710-001dba815c64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eac02ea-a9b5-11de-8710-001dba815c64}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4667081a-9c8d-11de-8dfe-001dba815c64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4667081a-9c8d-11de-8dfe-001dba815c64}\ not found.
File F:\filmstart.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\Autorun\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: xyz
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56659 bytes

User: xyz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xyz
->Temp folder emptied: 70958 bytes
->Temporary Internet Files folder emptied: 15852145 bytes
->Flash cache emptied: 946 bytes

User: xyz
->Temp folder emptied: 323124773 bytes
->Temporary Internet Files folder emptied: 612740700 bytes
->Java cache emptied: 16866112 bytes
->FireFox cache emptied: 128371483 bytes
->Google Chrome cache emptied: 48385194 bytes
->Flash cache emptied: 223133 bytes

User: xyz

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1451780725 bytes
RecycleBin emptied: 3928386632 bytes

Total Files Cleaned = 6.224,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04162011_174431

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Geändert von alohawhite (16.04.2011 um 17:23 Uhr)

Alt 17.04.2011, 19:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL

Alt 03.05.2011, 20:39   #7
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hallo - sorry ich war einige Zeit ausser Landes wie man so schön sagt. Tool von Kapersk ausgeführt. Nichts gefunden..."Infection: Not found"

Hier das log
#########
2011/05/03 21:36:16.0169 5216 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 21:36:16.0482 5216 ================================================================================
2011/05/03 21:36:16.0483 5216 SystemInfo:
2011/05/03 21:36:16.0483 5216
2011/05/03 21:36:16.0483 5216 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/03 21:36:16.0483 5216 Product type: Workstation
2011/05/03 21:36:16.0483 5216 ComputerName: XXXXXXXX
2011/05/03 21:36:16.0484 5216 UserName: Office
2011/05/03 21:36:16.0484 5216 Windows directory: C:\Windows
2011/05/03 21:36:16.0484 5216 System windows directory: C:\Windows
2011/05/03 21:36:16.0484 5216 Processor architecture: Intel x86
2011/05/03 21:36:16.0484 5216 Number of processors: 2
2011/05/03 21:36:16.0484 5216 Page size: 0x1000
2011/05/03 21:36:16.0484 5216 Boot type: Normal boot
2011/05/03 21:36:16.0485 5216 ================================================================================
2011/05/03 21:36:17.0978 5216 Initialize success
2011/05/03 21:36:20.0935 4360 ================================================================================
2011/05/03 21:36:20.0935 4360 Scan started
2011/05/03 21:36:20.0935 4360 Mode: Manual;
2011/05/03 21:36:20.0935 4360 ================================================================================
2011/05/03 21:36:21.0915 4360 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/03 21:36:22.0092 4360 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/03 21:36:22.0240 4360 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/03 21:36:22.0369 4360 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/03 21:36:22.0491 4360 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/03 21:36:22.0675 4360 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/03 21:36:22.0799 4360 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/03 21:36:22.0897 4360 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/03 21:36:22.0988 4360 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/03 21:36:23.0067 4360 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/03 21:36:23.0146 4360 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/03 21:36:23.0234 4360 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/03 21:36:23.0314 4360 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/03 21:36:23.0482 4360 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/03 21:36:23.0572 4360 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/03 21:36:23.0703 4360 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/03 21:36:23.0768 4360 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/03 21:36:23.0925 4360 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2011/05/03 21:36:24.0182 4360 atikmdag (a4e212f45b2457b39d59d4972a67af47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/03 21:36:24.0455 4360 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/03 21:36:24.0631 4360 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/03 21:36:24.0742 4360 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/03 21:36:24.0891 4360 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/03 21:36:24.0971 4360 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/03 21:36:25.0101 4360 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/03 21:36:25.0219 4360 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/03 21:36:25.0293 4360 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/03 21:36:25.0376 4360 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/03 21:36:25.0439 4360 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/03 21:36:25.0497 4360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/03 21:36:25.0584 4360 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/03 21:36:25.0670 4360 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/03 21:36:25.0782 4360 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/03 21:36:25.0851 4360 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/03 21:36:25.0947 4360 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/03 21:36:26.0051 4360 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/03 21:36:26.0172 4360 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/03 21:36:26.0248 4360 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/03 21:36:26.0312 4360 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/03 21:36:26.0393 4360 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/03 21:36:26.0472 4360 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/03 21:36:26.0662 4360 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/05/03 21:36:26.0785 4360 CVPNDRVA (57310c245810b26e378de9e6b22db598) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/05/03 21:36:26.0887 4360 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\Windows\system32\DRIVERS\emDevice.sys
2011/05/03 21:36:27.0021 4360 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/03 21:36:27.0136 4360 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/03 21:36:27.0211 4360 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/05/03 21:36:27.0311 4360 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
2011/05/03 21:36:27.0415 4360 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/03 21:36:27.0519 4360 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/03 21:36:27.0637 4360 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/03 21:36:27.0753 4360 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/03 21:36:27.0864 4360 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/03 21:36:27.0951 4360 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/03 21:36:28.0091 4360 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/03 21:36:28.0212 4360 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/03 21:36:28.0341 4360 emAudio (200da4f1964c11b3c19a07f937394624) C:\Windows\system32\drivers\emAudio.sys
2011/05/03 21:36:28.0456 4360 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/03 21:36:28.0629 4360 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/03 21:36:28.0714 4360 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/03 21:36:28.0814 4360 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/03 21:36:28.0906 4360 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/03 21:36:28.0994 4360 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/03 21:36:29.0087 4360 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\Windows\system32\DRIVERS\emFilter.sys
2011/05/03 21:36:29.0199 4360 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/03 21:36:29.0299 4360 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/03 21:36:29.0385 4360 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/03 21:36:29.0447 4360 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/03 21:36:29.0568 4360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 21:36:29.0732 4360 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/03 21:36:29.0867 4360 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/03 21:36:29.0920 4360 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/03 21:36:29.0999 4360 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/03 21:36:30.0071 4360 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/03 21:36:30.0134 4360 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/03 21:36:30.0285 4360 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/03 21:36:30.0425 4360 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/03 21:36:30.0553 4360 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/03 21:36:30.0650 4360 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/03 21:36:30.0774 4360 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/03 21:36:30.0851 4360 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/03 21:36:30.0978 4360 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/03 21:36:31.0044 4360 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/03 21:36:31.0256 4360 igfx (ce5ff5d5e3f4ca974e36dc24c15474d0) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/03 21:36:31.0454 4360 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/03 21:36:31.0681 4360 IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/03 21:36:31.0848 4360 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/03 21:36:31.0922 4360 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/03 21:36:32.0012 4360 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/03 21:36:32.0162 4360 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/03 21:36:32.0254 4360 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/03 21:36:32.0395 4360 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/03 21:36:32.0461 4360 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/03 21:36:32.0581 4360 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/03 21:36:32.0628 4360 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/03 21:36:32.0716 4360 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/03 21:36:32.0830 4360 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/03 21:36:32.0937 4360 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/03 21:36:33.0060 4360 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 21:36:33.0213 4360 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 21:36:33.0348 4360 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/03 21:36:33.0440 4360 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/03 21:36:33.0530 4360 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/03 21:36:33.0634 4360 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/03 21:36:33.0778 4360 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/05/03 21:36:33.0866 4360 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/05/03 21:36:33.0964 4360 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/03 21:36:34.0080 4360 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/03 21:36:34.0170 4360 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/03 21:36:34.0253 4360 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/03 21:36:34.0334 4360 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 21:36:34.0386 4360 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/03 21:36:34.0448 4360 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 21:36:34.0528 4360 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 21:36:34.0635 4360 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/03 21:36:34.0699 4360 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 21:36:34.0808 4360 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/03 21:36:34.0892 4360 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 21:36:34.0984 4360 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 21:36:35.0092 4360 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 21:36:35.0171 4360 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 21:36:35.0296 4360 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/03 21:36:35.0390 4360 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/03 21:36:35.0518 4360 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 21:36:35.0591 4360 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/03 21:36:35.0719 4360 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 21:36:35.0791 4360 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 21:36:35.0845 4360 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 21:36:35.0913 4360 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 21:36:36.0007 4360 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/03 21:36:36.0084 4360 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 21:36:36.0125 4360 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/03 21:36:36.0250 4360 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 21:36:36.0402 4360 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/03 21:36:36.0463 4360 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 21:36:36.0544 4360 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 21:36:36.0672 4360 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 21:36:36.0709 4360 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 21:36:36.0790 4360 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 21:36:36.0896 4360 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 21:36:37.0206 4360 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/03 21:36:37.0402 4360 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/03 21:36:37.0621 4360 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 21:36:37.0722 4360 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 21:36:37.0854 4360 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 21:36:37.0970 4360 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/03 21:36:38.0045 4360 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/03 21:36:38.0132 4360 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/03 21:36:38.0220 4360 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/03 21:36:38.0282 4360 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/03 21:36:38.0491 4360 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/03 21:36:38.0616 4360 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/03 21:36:38.0709 4360 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 21:36:38.0764 4360 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/03 21:36:38.0891 4360 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/05/03 21:36:38.0974 4360 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/03 21:36:39.0025 4360 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/03 21:36:39.0134 4360 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/03 21:36:39.0281 4360 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/03 21:36:39.0547 4360 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 21:36:39.0639 4360 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/03 21:36:39.0783 4360 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 21:36:39.0838 4360 PSI (db2e4fc8afb22525d90818a30f53ec11) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/05/03 21:36:39.0933 4360 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/03 21:36:40.0090 4360 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/03 21:36:40.0225 4360 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/03 21:36:40.0317 4360 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 21:36:40.0364 4360 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 21:36:40.0430 4360 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 21:36:40.0546 4360 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 21:36:40.0625 4360 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 21:36:40.0704 4360 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 21:36:40.0803 4360 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 21:36:40.0892 4360 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/03 21:36:40.0971 4360 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 21:36:41.0074 4360 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 21:36:41.0203 4360 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/05/03 21:36:41.0352 4360 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/05/03 21:36:41.0400 4360 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys
2011/05/03 21:36:41.0504 4360 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 21:36:41.0634 4360 RTL8192su (bbdc41e60d11358d73add11c2a06d431) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/05/03 21:36:41.0729 4360 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/03 21:36:41.0825 4360 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\Windows\system32\DRIVERS\emScan.sys
2011/05/03 21:36:41.0945 4360 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/03 21:36:42.0043 4360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 21:36:42.0126 4360 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/03 21:36:42.0189 4360 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/03 21:36:42.0275 4360 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/03 21:36:42.0436 4360 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/05/03 21:36:42.0485 4360 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/03 21:36:42.0564 4360 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/03 21:36:42.0623 4360 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/03 21:36:42.0705 4360 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/03 21:36:42.0812 4360 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/03 21:36:42.0902 4360 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/03 21:36:42.0978 4360 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/03 21:36:43.0128 4360 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 21:36:43.0282 4360 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/03 21:36:43.0453 4360 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 21:36:43.0560 4360 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 21:36:43.0642 4360 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 21:36:43.0731 4360 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/03 21:36:43.0852 4360 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/03 21:36:43.0937 4360 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/03 21:36:44.0006 4360 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/03 21:36:44.0101 4360 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/03 21:36:44.0183 4360 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/03 21:36:44.0361 4360 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 21:36:44.0489 4360 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 21:36:44.0566 4360 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 21:36:44.0667 4360 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 21:36:44.0749 4360 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 21:36:44.0850 4360 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 21:36:44.0952 4360 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/03 21:36:45.0077 4360 TfFsMon (95746e5b1473432f3d9458940dba6e3a) C:\Windows\system32\drivers\TfFsMon.sys
2011/05/03 21:36:45.0156 4360 TfNetMon (02ffdd873e31c5c2d57ca87d11ec36af) C:\Windows\system32\drivers\TfNetMon.sys
2011/05/03 21:36:45.0193 4360 TfSysMon (f8bd92251ab439383c051ce907d78cce) C:\Windows\system32\drivers\TfSysMon.sys
2011/05/03 21:36:45.0335 4360 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 21:36:45.0423 4360 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/03 21:36:45.0475 4360 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 21:36:45.0541 4360 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/03 21:36:45.0631 4360 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 21:36:45.0797 4360 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/03 21:36:45.0896 4360 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/03 21:36:45.0963 4360 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/03 21:36:46.0054 4360 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/03 21:36:46.0117 4360 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/03 21:36:46.0316 4360 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/03 21:36:46.0429 4360 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/03 21:36:46.0517 4360 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/03 21:36:46.0617 4360 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 21:36:46.0674 4360 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/03 21:36:46.0739 4360 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/03 21:36:46.0824 4360 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/03 21:36:46.0944 4360 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/03 21:36:47.0038 4360 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/03 21:36:47.0103 4360 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 21:36:47.0183 4360 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/03 21:36:47.0376 4360 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 21:36:47.0451 4360 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/03 21:36:47.0542 4360 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/03 21:36:47.0599 4360 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/03 21:36:47.0657 4360 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/03 21:36:47.0710 4360 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/03 21:36:47.0803 4360 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 21:36:47.0885 4360 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/03 21:36:47.0962 4360 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/03 21:36:48.0073 4360 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/03 21:36:48.0198 4360 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 21:36:48.0259 4360 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 21:36:48.0369 4360 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/03 21:36:48.0447 4360 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 21:36:48.0621 4360 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/05/03 21:36:48.0728 4360 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/03 21:36:48.0917 4360 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/03 21:36:49.0099 4360 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/03 21:36:49.0176 4360 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 21:36:49.0320 4360 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 21:36:49.0446 4360 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/03 21:36:49.0564 4360 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/03 21:36:49.0687 4360 ================================================================================
2011/05/03 21:36:49.0687 4360 Scan finished
2011/05/03 21:36:49.0687 4360 ================================================================================




Danke an die Experten!
Aloha

Alt 04.05.2011, 11:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2011, 10:12   #9
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hallo Arne,

wieder bin ich spät dran. Habe versucht cofi.exe zum laufen zu bringen. Bei Start bekomme ich immer die Meldung "You appear to have a corrupt download. Please download a fresh copy of CpmboFix.exe" Habe deinen DL-Link versucht und direkt von der Seite.... Was tun?

Lg & Danke
Aloha

Alt 20.05.2011, 10:18   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Starte Windows neu, lösch die alte cofi.exe, lade CF neu als cofi.exe runter und probier es bitte nochmal.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.05.2011, 21:09   #11
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hi Arne, ich hoffe ja nun wirklich, dass Du nun keine Arbeit mehr mit mir hast....

#### Cofic.exe log ####Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-23.02 - Office 24.05.2011  21:04:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2938.1464 [GMT 2:00]
ausgeführt von:: c:\users\Office\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\tcpview\tcpview.exe
c:\users\Office\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
c:\users\Office\AppData\Roaming\Adobe\plugs
c:\users\Office\AppData\Roaming\Adobe\shed
c:\users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
c:\windows\system\Vb40032.dll
c:\windows\system32\lxeains.dll
c:\windows\system32\paradise.dll
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-24 bis 2011-05-24  ))))))))))))))))))))))))))))))
.
.
2011-05-24 19:38 . 2011-05-24 19:39	--------	d-----w-	c:\users\Office\AppData\Local\temp
2011-05-24 19:38 . 2011-05-24 19:38	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-05-24 19:38 . 2011-05-24 19:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-24 18:43 . 2011-05-24 18:43	--------	d-----w-	c:\program files\CCleaner
2011-05-24 18:42 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{26A8F79D-6663-4D6A-9504-C070D6C9983C}\mpengine.dll
2011-05-20 06:42 . 2011-05-20 08:47	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 19:49 . 2011-05-17 19:49	--------	d-----w-	c:\programdata\Lexmark S300-S400 Series
2011-05-12 06:26 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 21:51 . 2011-04-28 21:51	--------	d-----w-	c:\program files\iPod
2011-04-28 21:50 . 2011-04-28 21:52	--------	d-----w-	c:\program files\iTunes
2011-04-28 21:16 . 2011-04-28 21:16	--------	d-----w-	c:\program files\Bonjour
2011-04-28 20:53 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 20:53 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 20:53 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-16 18:56 . 2009-03-18 17:43	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-15 15:10	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:10	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 15:09	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 20:53	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 20:53	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 20:53	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 20:53	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 15:09	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 15:10	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 10:28	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0autocheck turegopt
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-05-05 13:18	148280	----a-w-	c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 13:46	136176	----atw-	c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark S300-S400 Series Fax Server]
2010-05-05 13:18	316072	----a-w-	c:\program files\Lexmark S300-S400 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2010-05-05 13:18	770728	----a-w-	c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06	4351216	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-07-03 06:06	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-02 17:08	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 11:31	81920	----a-w-	c:\windows\System32\PCLECoInst.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"LaunchList"=c:\program files\Pinnacle\Studio 11\LaunchList2.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TempRemove"="c:\crystal ball\CB Predictor\terminator.exe"
"TrayServer"=c:\program files\MAGIX\Video_deluxe_silver_Bild_de\TrayServer.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca109019b2bd0;Google Update Service (gupdate1ca109019b2bd0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-04-14 193192]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 598696]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Sitecom\11n USB Wireless LAN Utility\RtlService.exe [2009-04-24 36864]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2010-01-23 9216]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-05-26 515584]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:03]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:03]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003Core.job
- c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 13:46]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003UA.job
- c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 13:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: coupe.de\www
FF - ProfilePath - c:\users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\m7az4pnm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Hyperwords: {9A752782-D706-479b-98F8-3F66BF921692} - %profile%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-24 21:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\program files\ThreatFire\TFWAH.dll
.
Zeit der Fertigstellung: 2011-05-24  22:02:39
ComboFix-quarantined-files.txt  2011-05-24 20:02
.
Vor Suchlauf: 6 Verzeichnis(se), 29.114.585.088 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 28.647.022.592 Bytes frei
.
- - End Of File - - 85A5736D6ECFF094B99A92AA680FF66A
         
--- --- ---

Alt 24.05.2011, 21:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2011, 21:32   #13
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Hallo Arne,

anbei das OSAM-Log und das MBRCheck.txt. Habe meine externe Festplatte erst drangehabt und bei MBRCheck "Found non-standard or infected MBR" gesehen. Diese Meldung kam nicht mehr als ich den MBRCheck nochmals laufen lies ohne externe Festplatte.

Danke für Deine Mühe

#### OSAM Log ####
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:22:58 on 03.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - turegopt  (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003Core.job" - "Google Inc." - C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3178056050-1462097278-2480878310-1003UA.job" - "Google Inc." - C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Office\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Nokia USB Flashing Generic" (nmwcdnsuc) - ? - C:\Windows\System32\drivers\nmwcdnsuc.sys  (File not found)
"Nokia USB Flashing Phone Parent" (nmwcdnsu) - ? - C:\Windows\System32\drivers\nmwcdnsu.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\Windows\System32\drivers\TfFsMon.sys
"TfKbMon" (TfKbMon) - ? - C:\Windows\System32\Drivers\TfKbMon.sys  (File not found)
"TfNetMon" (TfNetMon) - "PC Tools" - C:\Windows\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\Windows\System32\drivers\TfSysMon.sys
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Adobe.Acrobat.ContextMenu" - ? -   (File not found | COM-object registry key not found)
{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001} "Allaire FTP & RDS" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office 2007\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"NeoTrace It!" - ? - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{D2C5E510-BE6D-42CC-9F61-E4F939078474} "Lexmark " - ? - C:\Program Files\Lexmark Printable Web\bho.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Program Files\Lexmark Toolbar\toolband.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ThreatFire" - "PC Tools" - C:\Program Files\ThreatFire\TFTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\Windows\system32\AdobePDF.dll  (File not found)
"Fax Lexmark S300-S400 Series Port" - ? - C:\Windows\system32\LXEAPMON.DLL
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJLMN.DLL
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"Brbvltlysvc" (Brbvltlysvc) - ? - C:\Windows\system32\drivers\Brbvltlysvc.sys  (File not found)
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca109019b2bd0)" (gupdate1ca109019b2bd0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\Windows\system32\drivers\pclepci.sys
"Realtek Audio Service" (RtkAudioService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe
"Realtek11nSU" (Realtek11nSU) - "Realtek" - C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtlService.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Program Files\ThreatFire\TFService.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
"VAIO Media plus Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
"VAIO Media plus Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
"VAIO Media plus Digital Media Server" (SOHDms) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - ? - C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 03.07.2011, 21:34   #14
alohawhite
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



Und hier das txt des MBRCheck. DIe erwähnte externe Platte ist PhysicalDrive3

#### MBRCheck ####
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NS11M_S
Logical Drives Mask: 0x0290001c

Kernel Drivers (total 162):
0x82C18000 \SystemRoot\system32\ntkrnlpa.exe
0x82FD2000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80726000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80730000 \SystemRoot\system32\drivers\volmgr.sys
0x8073F000 \SystemRoot\System32\drivers\volmgrx.sys
0x80789000 \SystemRoot\System32\drivers\mountmgr.sys
0x83202000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x832D0000 \SystemRoot\system32\drivers\fltmgr.sys
0x83302000 \SystemRoot\system32\drivers\fileinfo.sys
0x83312000 \SystemRoot\system32\drivers\TfSysMon.sys
0x83323000 \SystemRoot\system32\drivers\TfFsMon.sys
0x83334000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8333E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83801000 \SystemRoot\system32\drivers\ndis.sys
0x8390C000 \SystemRoot\system32\drivers\msrpc.sys
0x83937000 \SystemRoot\system32\drivers\NETIO.SYS
0x83A04000 \SystemRoot\System32\drivers\tcpip.sys
0x83AEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AE07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF17000 \SystemRoot\system32\drivers\volsnap.sys
0x8AF50000 \SystemRoot\System32\Drivers\spldr.sys
0x8AF58000 \SystemRoot\System32\Drivers\mup.sys
0x8AF67000 \SystemRoot\System32\drivers\ecache.sys
0x8AF8E000 \SystemRoot\system32\drivers\disk.sys
0x8AF9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AFC0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFD6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFE1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EE0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F4ED000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F58D000 \SystemRoot\System32\drivers\watchdog.sys
0x8F599000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F5A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F5E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x83972000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x833AF000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8F602000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F989000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F999000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F9A7000 \SystemRoot\system32\DRIVERS\risdptsk.sys
0x8F9B8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8F9D2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F9E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x80799000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F9F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F9F2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F9FD000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x83BD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F5F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8AFEA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F5FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x807C4000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x805B2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FA0F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FA50000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FA5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FA72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FA7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FAA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FAAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FAC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FAD8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FAE8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FAEA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FB14000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0x8FB42000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FB4C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FB59000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FB8E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E06000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91012000 \SystemRoot\system32\drivers\portcls.sys
0x9103F000 \SystemRoot\system32\drivers\drmk.sys
0x91064000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x910A1000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9120B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x912BF000 \SystemRoot\system32\drivers\modem.sys
0x912CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x912D5000 \SystemRoot\System32\Drivers\Null.SYS
0x912DC000 \SystemRoot\System32\Drivers\Beep.SYS
0x912EC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x912F3000 \SystemRoot\System32\drivers\vga.sys
0x912FF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91320000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91328000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91330000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9133B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91349000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91352000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91368000 \SystemRoot\system32\DRIVERS\smb.sys
0x9137C000 \SystemRoot\system32\drivers\afd.sys
0x913C4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x911A4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x911BA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x911C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x913F6000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FB9F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91200000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9120A000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x911DB000 \SystemRoot\System32\Drivers\dfsc.sys
0x9140F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91436000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9144D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9146E000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x91470000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
0x9152C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x83B09000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98C00000 \SystemRoot\System32\win32k.sys
0x91539000 \SystemRoot\System32\drivers\Dxapi.sys
0x91543000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98E20000 \SystemRoot\System32\TSDDD.dll
0x98E40000 \SystemRoot\System32\cdd.dll
0x91552000 \SystemRoot\system32\drivers\luafv.sys
0x9156D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAFE03000 \SystemRoot\system32\drivers\spsys.sys
0xAFEB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAFEC3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAFEED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAFEF7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAFF0A000 \SystemRoot\system32\drivers\HTTP.sys
0xAFF77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAFF94000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAFFAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAFFC2000 \SystemRoot\system32\drivers\mrxdav.sys
0x91584000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x915A3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAFFE3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB180D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB1835000 \SystemRoot\System32\DRIVERS\srv.sys
0xB189C000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xB192C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB3C01000 \SystemRoot\system32\drivers\peauth.sys
0xB3CDF000 \SystemRoot\system32\drivers\regi.sys
0xB3CE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB3CEB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB3CF7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB3CFF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xB3D14000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xB3D26000 \??\C:\Windows\system32\drivers\TfNetMon.sys
0xB3D32000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB3D48000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0xB3D4A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB3D5F000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB3D87000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x98E50000 \SystemRoot\System32\ATMFD.DLL
0xB3DAC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB3DB5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB3DC5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77C90000 \Windows\System32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
664 C:\Windows\System32\csrss.exe
708 C:\Windows\System32\wininit.exe
720 C:\Windows\System32\csrss.exe
752 C:\Windows\System32\services.exe
768 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\winlogon.exe
972 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\audiodg.exe
1380 C:\Windows\System32\SLsvc.exe
1472 C:\Windows\System32\svchost.exe
1596 C:\Windows\RTKAUDIOSERVICE.EXE
1680 C:\Windows\System32\svchost.exe
1844 C:\Windows\System32\spoolsv.exe
1868 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1880 C:\Windows\System32\svchost.exe
304 C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
340 C:\Windows\System32\wlanext.exe
348 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
540 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
628 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
724 C:\Program Files\Bonjour\mDNSResponder.exe
960 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1200 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1296 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1280 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
636 C:\Windows\System32\lxeacoms.exe
2088 C:\Program Files\Sony\Network Utility\NSUService.exe
2180 C:\Windows\System32\svchost.exe
2196 C:\Windows\System32\svchost.exe
2208 C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtlService.exe
2244 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2256 C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe
2300 C:\Program Files\ShadowExplorer\sesvc.exe
2440 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2452 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2484 C:\Windows\System32\svchost.exe
2508 C:\Program Files\ThreatFire\TFService.exe
2580 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2624 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
2684 C:\Windows\System32\dllhost.exe
2716 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
2736 C:\Windows\System32\svchost.exe
2768 C:\Windows\System32\SearchIndexer.exe
2852 C:\Windows\System32\drivers\XAudio.exe
3140 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
3224 C:\Windows\System32\WUDFHost.exe
3304 C:\Windows\System32\dllhost.exe
3356 C:\Windows\System32\igfxext.exe
3396 C:\Windows\System32\igfxsrvc.exe
3436 C:\Windows\System32\wbem\WmiPrvSE.exe
4060 C:\Windows\System32\taskeng.exe
3944 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\dwm.exe
2924 C:\Windows\explorer.exe
584 C:\Windows\System32\taskeng.exe
3444 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
4100 C:\Windows\System32\igfxsrvc.exe
4128 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4152 C:\Windows\System32\wuauclt.exe
4172 C:\Windows\System32\hkcmd.exe
4180 C:\Windows\System32\igfxpers.exe
4188 C:\Program Files\ThreatFire\TFTray.exe
4196 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4252 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4268 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4280 C:\Program Files\Sony\Network Utility\LANUtil.exe
4308 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4332 C:\Windows\System32\taskeng.exe
4580 C:\Program Files\Secunia\PSI\psi.exe
4660 C:\Program Files\Windows Media Player\wmpnscfg.exe
4880 C:\Windows\System32\wbem\unsecapp.exe
5596 C:\Program Files\Skype\Plugin Manager\skypePM.exe
4120 C:\Program Files\Internet Explorer\ieuser.exe
5896 C:\Program Files\Internet Explorer\iexplore.exe
1152 C:\Program Files\Mozilla Firefox\firefox.exe
4496 C:\Program Files\Mozilla Firefox\plugin-container.exe
1536 C:\Windows\explorer.exe
4668 C:\Windows\System32\conime.exe
4692 C:\Users\Office\Downloads\osam_autorun_manager_5_0_portable\osam.exe
4392 C:\Windows\System32\SearchProtocolHost.exe
5192 C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6002.18005_none_3d746908b76294a3\SearchFilterHost.exe
4640 C:\Windows\System32\dllhost.exe
1768 C:\Windows\System32\dllhost.exe
1940 C:\Users\Office\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`fdf00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`7c400000 (NTFS)
\\.\U: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGHM251JI, Rev: 2SS00_03
PhysicalDrive3 Model Number: SAMSUNGHM320JI, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive3 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Alt 04.07.2011, 08:34   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Standard

Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL



GMER ging nicht? Hattest du 6 Wochen keine Zeit?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL
0x00000001, alternate, antivir, avgntflt.sys, avira, bho, bildschirm, bonjour, data restore, error, excel.exe, firefox, flash player, frage, google earth, helper, heuristics.reserved.word.exploit, home, install.exe, jdownloader, location, microsoft office 2003, microsoft office word, mozilla, mp3, msiinstaller, office 2007, otl scan, otl.exe, plug-in, realtek, registry, saver, scan, sched.exe, searchplugins, secunia psi, security, security update, senden, server, shadowexplorer, shell32.dll, shortcut, skype.exe, software, start menu, studio, svchost.exe, system, usb, vista, windows




Ähnliche Themen: Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL


  1. Trojan.Ransom nach Entfernung von GVU-Trojaner über Malwarebyte entdeckt
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (12)
  2. Data Recovery - Entfernung fehlerhaft?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  3. Nach Windows-Recovery-Entfernung: Fehlermeldung (404) beim Surfen
    Log-Analyse und Auswertung - 11.07.2011 (31)
  4. Nach Entfernung von Windows Recovery Virus noch Reste in der Registry
    Plagegeister aller Art und deren Bekämpfung - 09.07.2011 (9)
  5. Windows Recovery Entfernung unvollständig
    Log-Analyse und Auswertung - 08.07.2011 (32)
  6. Nach Entfernung von Vista Recovery: Daten weg (?)
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (3)
  7. Vista: Nach Entfernung des Trojaners Windows Recovery leerer Desktop
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (1)
  8. Problem nach entfernung des Windows Recovery Virus :(
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (5)
  9. Folgeerscheinungen nach Windows XP Recovery-Befall
    Log-Analyse und Auswertung - 08.06.2011 (14)
  10. Wiederherstellung nach Windows Recovery unvollständig
    Plagegeister aller Art und deren Bekämpfung - 03.06.2011 (17)
  11. Nach wie vor Probleme mit Windows Recovery
    Plagegeister aller Art und deren Bekämpfung - 23.05.2011 (1)
  12. Rechner hängt sich bei GMER seit "Entfernung" von Windows Recovery auf
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (23)
  13. Leerer Desktop nach Entfernung von Windows Recovery durch Malewarebytes
    Log-Analyse und Auswertung - 01.05.2011 (7)
  14. Computer startet nicht nach Entfernung von Windows Recovery Virus
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (38)
  15. Windows Recovery Proplem nach Löschung
    Alles rund um Windows - 19.04.2011 (7)
  16. Problem nach windows recovery virus
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (5)
  17. Nach Entfernung von Windows Recovery sind Dateien unsichtbar
    Plagegeister aller Art und deren Bekämpfung - 23.03.2011 (1)

Zum Thema Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL - Hallo Experten, ich habe mir "Windows Recovery" eingefangen und habe zum Glück Euer Posting zur Entfernung hier im Forum gefunden ( http://www.trojaner-board.de/96741-w...entfernen.html ). Ich bin so vorgegangen wie Ihr dort - Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL...
Archiv
Du betrachtest: Windows Recovery: Desktopprobleme nach Entfernung mit Malwarebyte und OTL auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.