Vista Anti-Spyware 2011. Komplett entfernt?

Fille · 06.05.2011, 22:51

Hallo zusammen,
ich hatte mir vorgestern die Malware "Vista Anti-Spyware 2011" eingefangen mit allen Symptomen, die hier beschrieben werden: http://www.trojaner-board.de/92802-x...entfernen.html
Nachdem ich nun heute endlich Zugang zu einem anderen Computer mit Internetanschluss habe, habe ich das Tool "rkill.com" mit diesem heruntergeladen und auf dem befallenen Computer ausgeführt. Das hat auch prompt alle offensichtlichen Symptome des "Vista Anti-Spyware 2011" gestoppt, d.h. keine Fake-Virenmeldungen etc. mehr und Surfen über die Browser ist wieder möglich.
Danach habe ich Malwarebytes Anti-Malware installiert, aktualisiert und einen "Vollständigen Suchlauf" durchlaufen lassen, mit folgendem Ergebnis:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6520

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.05.2011 21:33:12
mbam-log-2011-05-06 (21-33-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 341889
Laufzeit: 2 Stunde(n), 42 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Standard\AppData\Local\ffl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Standard\AppData\Local\ffl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Standard\AppData\Local\ffl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Standard\AppData\Local\ffl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Meine Frage ist nun, ob ich wieder unbekümmert Sachen wie online-Banking betreiben kann, oder ob ich vorher noch weitere Schritte unternehmen sollte!
PS: Als weiteres Anti-Viren Programm verwende ich Avira Anti-Vir Personal.

Vielen Dank für Eure Hilfe!!
Fille

Swisstreasure · 07.05.2011, 00:36

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

Fille · 07.05.2011, 12:59

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.05.2011 12:42:29 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 28,22 Gb Free Space | 20,60% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,30 Gb Free Space | 63,04% Space Free | Partition Type: NTFS
 
Computer Name: XPS-1210 | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.07 12:40:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
PRC - [2011.04.29 09:58:39 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 20:56:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 21:32:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\Programme\mysql\xampp\mysql\bin\mysqld.exe
PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\Programme\mysql\xampp\apache\bin\httpd.exe
PRC - [2009.06.03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.06.03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.11 19:23:16 | 000,738,336 | ---- | M] (EnTech Taiwan) -- C:\Programme\PowerStrip\PStrip.exe
PRC - [2009.01.12 02:52:00 | 000,354,304 | ---- | M] ((C) Michael Schiel) -- C:\Programme\TrayBackup\traybackup.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.02.08 06:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007.02.06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2006.11.12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Programme\DellSupport\DSAgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.07 12:40:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007.02.06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.29 09:58:39 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 20:56:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\Program Files\mysql\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\mysql\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.06.03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.02.06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.02.06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006.11.07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 20:56:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 19:14:58 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.28 00:16:50 | 000,020,856 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\HWDiag\bin\pcdsrvc.pkms -- (PCDSRVC{A762A74B-20E584C3-06000000}_0)
DRV - [2007.10.14 15:47:49 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.07.23 12:05:53 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2007.07.15 02:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.03.19 15:25:36 | 000,188,576 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2007.02.08 06:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.02.06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.02.06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.02.06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.09 01:52:34 | 001,085,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Dell Notebooks(UVC)
DRV - [2007.01.09 01:52:34 | 000,021,536 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007.01.09 01:52:22 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.01.09 01:52:00 | 000,065,824 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2007.01.09 01:51:48 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006.11.20 20:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 20:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 20:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.12 00:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 18:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006.08.17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Programme\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalisierte Startseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 20:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 21:23:37 | 000,000,000 | ---D | M]
 
[2009.01.09 23:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2011.03.30 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\wb2hhwtg.default\extensions
[2010.02.27 20:01:30 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\wb2hhwtg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.07.27 21:31:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\wb2hhwtg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.19 17:28:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\wb2hhwtg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.27 20:52:04 | 000,001,201 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\wb2hhwtg.default\searchplugins\winamp-search.xml
[2011.04.25 21:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.05.01 13:14:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007.10.14 15:53:28 | 000,000,000 | ---D | M] (AdVantage) -- C:\Programme\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2010.08.25 22:09:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.25 21:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.04.25 21:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.30 20:14:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.04.25 21:20:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2007.10.13 09:09:54 | 000,000,703 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [TrayBackup] C:\Program Files\TrayBackup\traybackup.exe ((C) Michael Schiel)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\PowerStrip\PStrip.exe (EnTech Taiwan)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Standard\Documents\desktop.jpg
O24 - Desktop BackupWallPaper: C:\Users\Standard\Documents\desktop.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.26 15:45:07 | 000,000,073 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.08.26 15:45:07 | 000,000,024 | -HS- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
O33 - MountPoints2\{36de53c3-3e47-11de-a12d-00188bb80c8a}\Shell\AutoRun\command - "" = cache\tmp983.exe
O33 - MountPoints2\{36de53c3-3e47-11de-a12d-00188bb80c8a}\Shell\oPEN\coMmaNd - "" = cache\tmp983.exe
O33 - MountPoints2\{456f93f1-5f17-11de-8146-00188bb80c8a}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{456f93f1-5f17-11de-8146-00188bb80c8a}\Shell\oPEN\coMmaNd - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{456f93fc-5f17-11de-8146-00188bb80c8a}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{456f93fc-5f17-11de-8146-00188bb80c8a}\Shell\oPEN\coMmaNd - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{5231dab4-a14f-11dd-9ae2-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{5231dab4-a14f-11dd-9ae2-00188bb80c8a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a1e520a7-364f-11de-9b86-00188bb80c8a}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{af124ae0-62ed-11de-8cb3-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{af124ae0-62ed-11de-8cb3-00188bb80c8a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b19bd2e0-e43b-11de-b36d-00197dfd8fcf}\Shell - "" = AutoRun
O33 - MountPoints2\{b19bd2e0-e43b-11de-b36d-00197dfd8fcf}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{c814e384-4895-11de-a0f3-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{c814e384-4895-11de-a0f3-00188bb80c8a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{cad39f7d-7a64-11dc-9137-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{cad39f7d-7a64-11dc-9137-00188bb80c8a}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cdbbfe6b-ecf7-11db-8d49-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{cdbbfe6b-ecf7-11db-8d49-00188bb80c8a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{f61a19fc-a13d-11de-b390-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{f61a19fc-a13d-11de-b390-00188bb80c8a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.07 12:40:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2011.05.06 18:18:27 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Malwarebytes
[2011.05.06 18:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.06 18:18:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.06 18:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.06 18:18:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.06 18:18:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.04 20:32:23 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Avira
[2011.05.04 20:27:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.25 21:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.04.21 15:41:16 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Edinburgh lösch
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.07 12:40:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2011.05.07 12:34:51 | 000,007,099 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\PStrip.ini
[2011.05.07 12:34:43 | 000,007,099 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\PStrip.bak
[2011.05.07 12:32:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.07 12:32:39 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 12:32:39 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 12:32:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.07 12:32:29 | 2672,009,216 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.07 12:32:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.05.07 00:33:17 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.07 00:32:44 | 000,007,122 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\PStrip.bk!
[2011.05.07 00:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.06 21:41:41 | 000,007,099 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\PStrip.bko
[2011.05.06 18:15:02 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1BEF6FF0-01D0-4690-9575-D43CBC4B25C2}.job
[2011.05.06 18:13:53 | 000,013,014 | -HS- | M] () -- C:\ProgramData\00m7424w3832ote4332pyh8
[2011.05.06 18:13:52 | 000,013,014 | -HS- | M] () -- C:\Users\Standard\AppData\Local\00m7424w3832ote4332pyh8
[2011.05.05 03:00:00 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2011.05.04 22:58:55 | 276,909,777 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.04 20:39:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 20:39:17 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 20:39:17 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 20:39:16 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 20:31:10 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.03 20:22:57 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.04.13 08:15:01 | 000,395,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.04 20:29:43 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.04 20:29:42 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.05.04 20:22:37 | 000,013,014 | -HS- | C] () -- C:\Users\Standard\AppData\Local\00m7424w3832ote4332pyh8
[2011.05.04 20:22:37 | 000,013,014 | -HS- | C] () -- C:\ProgramData\00m7424w3832ote4332pyh8
[2010.05.13 09:32:33 | 000,010,584 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\docXConverter (3).ini
[2010.05.13 09:32:33 | 000,000,132 | -H-- | C] () -- C:\Users\Standard\AppData\Roaming\lakerda1967.sys
[2010.04.02 16:43:20 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.04.02 16:42:17 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.04.02 16:42:14 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.10.20 19:31:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:31:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.11 10:31:11 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2009.08.10 23:54:37 | 000,016,467 | ---- | C] () -- C:\Windows\scunin.dat
[2009.07.29 19:22:56 | 000,007,099 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PStrip.bko
[2009.07.29 09:19:39 | 000,007,122 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PStrip.bk!
[2009.07.29 09:19:34 | 000,007,099 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PStrip.bak
[2009.07.27 15:45:34 | 000,007,099 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\PStrip.ini
[2009.07.27 15:40:39 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2009.07.22 16:49:30 | 000,004,096 | -H-- | C] () -- C:\Users\Standard\AppData\Local\keyfile3.drm
[2009.06.09 22:59:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.17 12:55:58 | 000,002,474 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\SAS7_000.DAT
[2009.01.17 12:36:33 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
[2009.01.17 12:36:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2009.01.06 23:58:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.10.02 12:02:57 | 000,000,680 | ---- | C] () -- C:\Users\Standard\AppData\Local\d3d9caps.dat
[2007.09.21 23:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\plclient.INI
[2007.08.26 15:43:59 | 000,000,139 | ---- | C] () -- C:\Windows\asym.ini
[2007.05.01 13:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.04.10 09:03:11 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.04.10 08:59:30 | 000,068,096 | ---- | C] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.04 02:21:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007.04.04 02:21:39 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007.04.04 02:21:39 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.04.04 02:21:20 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.04 02:21:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.04 02:21:07 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.04.03 18:29:11 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.04.03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.02.06 17:45:04 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.02.06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006.12.12 10:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006.12.12 09:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,395,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2008.07.14 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Canon
[2009.11.10 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\EndNote
[2010.02.28 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GoodSync
[2009.06.27 09:09:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nuance
[2009.05.17 16:04:17 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nvu
[2010.06.16 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenOffice.org
[2009.07.21 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ProtectDisc
[2007.05.31 10:32:17 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ratiopharm
[2007.04.10 12:13:44 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TrueCrypt
[2011.02.14 02:00:58 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2011.05.05 03:00:00 | 000,000,486 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2011.05.07 00:33:18 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.06 18:15:02 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1BEF6FF0-01D0-4690-9575-D43CBC4B25C2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2007.08.26 15:45:07 | 000,000,073 | ---- | M] () -- C:\autoexec.bat
[2007.08.26 15:45:07 | 000,000,024 | -HS- | M] () -- C:\AUTOEXEC.OLD
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006.11.15 19:24:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007.04.04 02:21:49 | 000,004,278 | RH-- | M] () -- C:\dell.sdr
[2011.05.07 12:32:29 | 2672,009,216 | -HS- | M] () -- C:\hiberfil.sys
[2007.08.26 15:43:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.08.26 15:43:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.05.07 12:32:24 | 2987,876,352 | -HS- | M] () -- C:\pagefile.sys
[2011.05.06 18:17:04 | 000,000,370 | ---- | M] () -- C:\rkill.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.07.18 15:08:06 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003.06.18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.06.08 15:41:12 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Standard\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 15:32:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Standard\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2007.11.15 15:32:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Standard\AppData\Local\Temp\RarSFX0\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 17:19:18
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\Voice Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\verena:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\prolactin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\My Shapes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\My EndNote Library.Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\lautsprecher verena:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\gutachten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\geschichte zusammenfassungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\geriatrie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\docXConverter logs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\desktop.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Documents\bvmd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\Westernblots:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\spiele:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\sicherung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\Roofgraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\pädiatrie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\OpenOffice.org 3.2 (de) Installation Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\mp3sicherung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\Medizin-Dateien alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\fotos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\Edinburgh lösch:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Standard\Desktop\downloads:Roxio EMC Stream
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

--- --- ---

Fille · 07.05.2011, 13:00

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.05.2011 12:42:29 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 28,22 Gb Free Space | 20,60% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,30 Gb Free Space | 63,04% Space Free | Partition Type: NTFS
 
Computer Name: XPS-1210 | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0539A5B2-0687-4FE5-8721-F12C7FA28CAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1102A68E-9359-4A4B-B211-5F5C4E2D7A16}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{34B32E22-FC08-4420-AA1D-D9682CA89C72}" = lport=138 | protocol=17 | dir=in | app=system | 
"{43B63950-4B7A-4757-B81C-BFF8B065F96D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C84BE03-0905-4C3B-88A0-9D3CC115D04B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E1D2D79-8E13-4BC0-9936-BC14F87D0FB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6D43E61A-98B4-45AE-8CD6-20CDA976D02A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7ECC07B5-6157-4AF8-9297-4B6788A6118B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80530C15-57B5-471A-B71C-C7B47FE36DD5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{849593D5-87C1-4DA7-8D66-1BD53AB01547}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9101BABB-0D24-46E3-88C2-FFF0641E8481}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C6D717E-8359-4DAF-BC7E-04410CFB57A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A4F8ACD3-B44C-4C60-B1FF-C0763ECC7E9F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A9DAF478-20C6-44B3-A3B2-0EB93A40E413}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B2AE8262-ED8D-4A55-B27F-8EE4C501D97B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CDEE06D9-8699-4678-8142-C032B3D0AB2B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D6357CD7-E80A-4233-A679-4E4CA4560AE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D65C0AF4-5BA0-4FAE-8C11-CB3DA6C56027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124E0D46-539C-4EF5-8A83-A4AF9F8EFD61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A97FFBA-C913-408C-9EB1-BF5876CAFB04}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2BD000B1-F1D7-4D56-8136-1DF15DC8AC43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33822A9E-BB75-4FC3-A780-1F5B692618AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{35DBE14F-2FD5-4107-9759-A6A30ED6AF6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{50075462-62F5-46AC-B21B-4C08E1391FE0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{540554B6-A450-4320-AD93-143BFC7081C8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5EEB8A14-208B-4A9D-9456-A84EB7E5047D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6145F4F1-7271-49AC-B04D-60EBD4E5D16E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80C24A1C-061B-4443-9AEE-ED16D9942848}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{885FBBE2-1C66-4C09-8229-B30530B36E2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B70E8F63-262B-4CC7-AE07-DF1B90423228}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D00A49C6-14D3-4F67-B49B-6F0CFAF1490D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D43194B2-C9BA-42AD-AE6F-F9C203722E3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{0FC07684-6C3C-46B4-B31A-96FA8DA43B20}C:\program files\mysql\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\mysql\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{173C045B-B6DE-4AAC-8A96-BD0F81DD35F9}C:\users\standard\desktop\spiele\c%c2\ra95.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\c%c2\ra95.exe | 
"TCP Query User{3550D254-48C7-4318-97CC-F4E78EFDC781}C:\users\standard\desktop\spiele\c%c2\ra95.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\c%c2\ra95.exe | 
"TCP Query User{3D696A07-DA9E-46C7-801C-CF7B506061C3}C:\users\standard\desktop\spiele\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\starcraft\starcraft.exe | 
"TCP Query User{4FFA7FBF-3F10-4C3C-83FC-3960BC4E3EE7}C:\users\standard\desktop\spiele\c%c2\ra95.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\c%c2\ra95.exe | 
"TCP Query User{695D534E-09BD-4535-ABEA-E05462C41838}C:\users\standard\desktop\spiele\c%c2\ra95.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\c%c2\ra95.exe | 
"TCP Query User{7727CA7D-2EF5-4741-8536-0CDAFC991A7E}C:\program files\mysql\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\mysql\xampp\apache\bin\httpd.exe | 
"TCP Query User{8A66EF3D-3917-497E-B235-A37536935944}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{93AF16B3-1674-46D5-AF0C-5167B9987E53}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{A1FC97CA-DFC2-4033-9C52-53630A873178}C:\users\standard\desktop\spiele\c%c2\ra95.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\c%c2\ra95.exe | 
"TCP Query User{E2958345-B439-4448-85E2-C754A697666B}C:\users\standard\desktop\spiele\c%c2\ra95.exe" = protocol=6 | dir=in | app=c:\users\standard\desktop\spiele\c%c2\ra95.exe | 
"UDP Query User{5807127F-92B9-4BDC-A697-1FD57D2E4CFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A96BC431-894B-419D-ADA6-CDFCC46353F4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C0EE734A-1C10-43A0-92CF-2E338DFCE832}C:\users\standard\desktop\spiele\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\standard\desktop\spiele\starcraft\starcraft.exe | 
"UDP Query User{CCDDDACF-E46B-4FDF-8641-88831B95FB2F}C:\program files\mysql\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\mysql\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{FAA5A9D1-C31E-40C0-A3A3-0340A5F1576B}C:\program files\mysql\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\mysql\xampp\apache\bin\httpd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88A385D7-2E56-403E-AEBD-FEBEB1359381}_is1" = CellProfiler Analyst 2.0_r9435
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D52E0F9-17A0-493B-8692-937381DDB62B}" = SimCity 2000
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{96424CA6-13E3-4518-98AA-7CEC0BE0D439}" = mediscript Hammerexamen
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AdVantage_DAEM" = AdVantage (Powering DAEMON Tools)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HistoTutor" = HistoTutor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Nvu_is1" = Nvu 1.0
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"Red Alert" = Red Alert Windows 95
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WhenUSearch" = DAEMON Tools SearchBar
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2011 13:09:15 | Computer Name = XPS-1210 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 11.0.5604.0, Zeitstempel
 0x3f314a2f, fehlerhaftes Modul WINWORD.EXE, Version 11.0.5604.0, Zeitstempel 0x3f314a2f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001a960f,  Prozess-ID 0x1b24, Anwendungsstartzeit
 01cc081fd0326642.
 
Error - 01.05.2011 13:13:59 | Computer Name = XPS-1210 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 11.0.5604.0, Zeitstempel
 0x3f314a2f, fehlerhaftes Modul mso.dll, Version 11.0.5606.0, Zeitstempel 0x3f334cce,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a058,  Prozess-ID 0x1b24, Anwendungsstartzeit
 01cc081fd0326642.
 
Error - 01.05.2011 13:17:54 | Computer Name = XPS-1210 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 11.0.5604.0, Zeitstempel
 0x3f314a2f, fehlerhaftes Modul WINWORD.EXE, Version 11.0.5604.0, Zeitstempel 0x3f314a2f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001a960f,  Prozess-ID 0xd28, Anwendungsstartzeit
 01cc08232cdce7a2.
 
Error - 02.05.2011 10:39:17 | Computer Name = XPS-1210 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.05.2011 10:39:17 | Computer Name = XPS-1210 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.05.2011 15:02:11 | Computer Name = XPS-1210 | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.5604.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 26a8  Anfangszeit: 01cc08f65006aece  Zeitpunkt der
 Beendigung: 31
 
Error - 03.05.2011 15:09:51 | Computer Name = XPS-1210 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.05.2011 15:09:51 | Computer Name = XPS-1210 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.05.2011 17:27:17 | Computer Name = XPS-1210 | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.5604.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 106c  Anfangszeit: 01cc09c64d58512d  Zeitpunkt der
 Beendigung: 137
 
Error - 04.05.2011 13:16:17 | Computer Name = XPS-1210 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 04.05.2011 17:59:05 | Computer Name = XPS-1210 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.05.2011 um 22:46:23 unerwartet heruntergefahren.
 
Error - 05.05.2011 12:34:13 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 05.05.2011 12:39:09 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 05.05.2011 12:39:09 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.05.2011 17:55:58 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.05.2011 13:13:43 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 06.05.2011 13:14:44 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 06.05.2011 13:14:49 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.05.2011 16:34:08 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.05.2011 19:33:10 | Computer Name = XPS-1210 | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

--- --- ---

Fille · 07.05.2011, 13:45

Vielen Dank schonmal für die Hilfe. Leider stürzt GMER beim Scannen bei mir immer ab mit der Windows-Fehler-Meldung "Das Programm funktioniert nicht mehr". Das passiert immer während in der unteren Zeile gerade "devices\HarddiskVolumeShadowCopy1" steht. Das WLAN ist deaktiviert, Avira Antivir ist deaktiviert. Im abgesicherten Modus von Windows Vista passiert das gleiche.

Hier auf jeden Fall schon mal der Code vom Kurz-Scan-Durchlauf, der automatisch bei Starten von GMER erfolgt:

Zitat:

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit quick scan 2011-05-07 13:16:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.CDD
Running: cmo4qfv1.exe; Driver: C:\Users\Standard\AppData\Local\Temp\pfdiipow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Wie soll ich weiter vorgehen? Gibt es ein Alternativ-Programm?
Nochmals vielen Dank für Eure Hilfe!
Fille

PS: Leider kann ich zurzeit meinen Computer nicht formatieren und Windows neu aufsetzen, da ich noch für weitere 6 Wochen im Ausland bin und die Recovery-CD sowie die Programm-CDs alle zuhause in Deutschland habe

Swisstreasure · 07.05.2011, 16:06

Schritt 1

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update 25) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

Schritt 2

Fixen mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: []  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{36de53c3-3e47-11de-a12d-00188bb80c8a}\Shell\AutoRun\command - "" = cache\tmp983.exe
O33 - MountPoints2\{36de53c3-3e47-11de-a12d-00188bb80c8a}\Shell\oPEN\coMmaNd - "" = cache\tmp983.exe
O33 - MountPoints2\{456f93f1-5f17-11de-8146-00188bb80c8a}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{456f93f1-5f17-11de-8146-00188bb80c8a}\Shell\oPEN\coMmaNd - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{456f93fc-5f17-11de-8146-00188bb80c8a}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{456f93fc-5f17-11de-8146-00188bb80c8a}\Shell\oPEN\coMmaNd - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{5231dab4-a14f-11dd-9ae2-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{5231dab4-a14f-11dd-9ae2-00188bb80c8a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a1e520a7-364f-11de-9b86-00188bb80c8a}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{af124ae0-62ed-11de-8cb3-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{af124ae0-62ed-11de-8cb3-00188bb80c8a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b19bd2e0-e43b-11de-b36d-00197dfd8fcf}\Shell - "" = AutoRun
O33 - MountPoints2\{b19bd2e0-e43b-11de-b36d-00197dfd8fcf}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{c814e384-4895-11de-a0f3-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{c814e384-4895-11de-a0f3-00188bb80c8a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{cad39f7d-7a64-11dc-9137-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{cad39f7d-7a64-11dc-9137-00188bb80c8a}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cdbbfe6b-ecf7-11db-8d49-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{cdbbfe6b-ecf7-11db-8d49-00188bb80c8a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{f61a19fc-a13d-11de-b390-00188bb80c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{f61a19fc-a13d-11de-b390-00188bb80c8a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
[2011.05.07 12:32:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.05.06 18:13:53 | 000,013,014 | -HS- | M] () -- C:\ProgramData\00m7424w3832ote4332pyh8
[2011.05.06 18:13:52 | 000,013,014 | -HS- | M] () -- C:\Users\Standard\AppData\Local\00m7424w3832ote4332pyh8
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Vista Anti-Spyware 2011. Komplett entfernt?

Plagegeister aller Art und deren Bekämpfung: Vista Anti-Spyware 2011. Komplett entfernt?