Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Werde unbekannten Virus nicht los (https://www.trojaner-board.de/77484-unbekannten-virus-los.html)

Maring 15.09.2009 15:55
Werde unbekannten Virus nicht los
 
Hallo ihr Lieben ^^
habe (gottseidank) diese seite hier entdeckt (über google ^^) und muss euch um hilfe bitten. habe dieses problem (unten die beschreibung ^^)als thema hier schon gefunden aber ich muss ein neues thema erstellen (falls ich das richtig verstanden habe ^^)
also und hier mein problem:
meine schwester musste was runterladen um ein video anzusehen (die nachricht ist übrigens über msn gekommen)und seit dem hab ich diesen virus drauf und werde ihn nicht los. und die virenscanner finden nichts.
bitte bitte helft mir.... :heulen:

Logfile of HijackThis v1.99.1
Scan saved at 16:51:49, on 15.09.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\system32\adlaunch32.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program Files\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Program Files\Norman\Nse\bin\NSESVC.EXE" -daemon (file missing)
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program Files\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


ich sag jetzt schon mal danke :)

viele liebe grüße, Maring

john.doe 15.09.2009 16:45
Hallo Maring und :hallo:

Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

Maring 15.09.2009 17:40
mei dankeschön andreas!!
ich glaub du hast mir damit ganz viel geholfen!!!
VIELEN VIELEN DANK

liebe grüße, maring

john.doe 15.09.2009 17:47
Du hattest nur Adware. Poste bitte trotzdem alle Logs, denn da kann noch mehr sein. ;)

Du bist trotzdem entlassen. :)

ciao, andreas

Maring 15.09.2009 17:51
Alles klar, werde ich machen. (zu befehl ^^) :)

wow jetzt bin ich echt erleichtert

nochmal danke (ich kann damit nicht aufhören)

grüße maring

Maring 15.09.2009 17:57
Logfile of HijackThis v1.99.1
Scan saved at 18:56:49, on 15.09.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program Files\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Program Files\Norman\Nse\bin\NSESVC.EXE" -daemon (file missing)
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program Files\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

john.doe 15.09.2009 18:15
Da ist noch mehr. :(

Poste bitte das Log von Malwarebytes und beide Logs von RSIT. Zusätzlich noch beide Logs von OTL.

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Setze ein Häckchen bei Scan All Users.
  • Unter Standard Registry wähle bitte All
  • Unter Extra Registry, wähle bitte Use SafeList
  • Schliesse bitte alle laufenden Programme.
  • Klicke nun auf Run Scan ( links oben ).
  • Wenn der Scan beendet wurde werden 2 Logfiles auf dem Desktop erstellt
  • Poste den Inhalt von OTL.txt und Extra.txt hier in den Thread.

ciao, andreas

Maring 15.09.2009 18:29
also hier erst mal OTL

OTL Extras logfile created on: 15.09.2009 19:18:43 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Jana Maring Inday\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,72% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 192,06 Gb Total Space | 138,85 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive D: | 97,03 Gb Total Space | 96,94 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FJS_AMILO_PI
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3908193018-3707920992-2016897741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3908193018-3707920992-2016897741-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F0D8509-47E4-4EF9-8693-E00D03227C11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E0C747D7-CE2E-48D5-883D-4421B4B10982}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E0406-DBFC-4C67-A220-CC5FBC5A9934}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{5F2B86F5-8180-4B85-88C3-09C8F92932CE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{61620E7F-0963-4E32-AF88-F818248A749A}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77EA3B9B-F9B2-4024-93FB-91D82A4E842A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A94EB256-01C8-4B4F-8A94-7C6A59C6C7E2}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D7727D03-6144-4636-AF94-523C47103DAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2A63D1CA-B611-4060-B10C-211A33F2AD81}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{985BFC43-1833-4F59-A829-1F2B2D56CB04}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar 2.0
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Cradle of Rome" = Cradle of Rome (remove only)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"jnbebe" = Favorit
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"Poker Superstars II" = Poker Superstars II (remove only)
"Spyware Doctor" = Spyware Doctor 6.1
"Uninstall_is1" = Uninstall 1.0.0.1
"UnZip Me" = UnZip Me
"Virtual Villagers" = Virtual Villagers (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.09.2009 05:27:54 | Computer Name = FJS_Amilo_Pi | Source = Windows Search Service | ID = 3013
Description =

Error - 11.09.2009 05:27:54 | Computer Name = FJS_Amilo_Pi | Source = Windows Search Service | ID = 3013
Description =

Error - 11.09.2009 11:08:38 | Computer Name = FJS_Amilo_Pi | Source = NormanNPT | ID = 131073
Description = Norman Message [2009/09/11 17:08:38] --------------------------------------------------------
Application:
NVC On-access Scanner Node address: 85.181.141.172 --------------------------------------------------------

Warning
message: Virus missing: Virus name: 'W32/DLoader.WHOS' File infected: C:/Users/Jana
Maring Inday/Downloads/FunkyEmoticons_setup.exe File quarantined: C:/Users/Jana
Maring Inday/Downloads/FunkyEmoticons_setup.exe Login information: User 'SYSTEM'
on host 'FJS_AMILO_PI'.

Error - 11.09.2009 14:46:19 | Computer Name = FJS_Amilo_Pi | Source = WinMgmt | ID = 10
Description =

Error - 11.09.2009 15:53:47 | Computer Name = FJS_Amilo_Pi | Source = Windows Search Service | ID = 3006
Description =

Error - 11.09.2009 15:53:48 | Computer Name = FJS_Amilo_Pi | Source = Windows Search Service | ID = 3007
Description =

Error - 11.09.2009 16:18:18 | Computer Name = FJS_Amilo_Pi | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2009 14:31:40 | Computer Name = FJS_Amilo_Pi | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2009 16:18:28 | Computer Name = FJS_Amilo_Pi | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2009 21:11:32 | Computer Name = FJS_Amilo_Pi | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 31.08.2009 05:45:13 | Computer Name = FJS_Amilo_Pi | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 31.08.2009 05:45:13 | Computer Name = FJS_Amilo_Pi | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 31.08.2009 05:45:13 | Computer Name = FJS_Amilo_Pi | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 31.08.2009 05:45:13 | Computer Name = FJS_Amilo_Pi | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 31.08.2009 05:45:13 | Computer Name = FJS_Amilo_Pi | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 31.08.2009 05:45:13 | Computer Name = FJS_Amilo_Pi | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 31.08.2009 14:26:08 | Computer Name = FJS_Amilo_Pi | Source = HTTP | ID = 15016
Description =

Error - 31.08.2009 17:03:50 | Computer Name = FJS_Amilo_Pi | Source = RasMan | ID = 20062
Description = Interner Fehler: Das Trennen an PPPoE2-0 endete zwar vollständig,
aber mit einem Fehler. PPPoE2-0

Error - 31.08.2009 17:33:43 | Computer Name = FJS_Amilo_Pi | Source = HTTP | ID = 15016
Description =

Error - 01.09.2009 03:32:31 | Computer Name = FJS_Amilo_Pi | Source = HTTP | ID = 15016
Description =


< End of report >

Maring 15.09.2009 18:33
OTL logfile created on: 15.09.2009 19:18:43 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Jana Maring Inday\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,72% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 192,06 Gb Total Space | 138,85 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive D: | 97,03 Gb Total Space | 96,94 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FJS_AMILO_PI
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
PRC - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Norman\Npm\Bin\Zlh.exe (Norman ASA)
PRC - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
PRC - C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files\OEM\OSD_1.12\OsdService.exe (TODO: <????>)
PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (Norman ASA)
PRC - C:\Program Files\Norman\npc\bin\npcsvc32.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nse\bin\NSESVC.EXE (Norman ASA)
PRC - C:\Program Files\Norman\npc\bin\nuaa.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nvc\Bin\Nip.exe (Norman ASA)
PRC - C:\Program Files\Norman\Nvc\Bin\cclaw.exe (Norman ASA)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Jana Maring Inday\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eLoggerSvc6 [Auto | Running]) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService [Auto | Running]) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (GoogleDesktopManager-022208-143751 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Norman NJeeves [On_Demand | Running]) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (Norman ASA)
SRV - (Norman ZANDA [Auto | Running]) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (NPC [On_Demand | Running]) -- C:\Program Files\Norman\npc\bin\npcsvc32.exe (Norman ASA)
SRV - (NPROSECSVC [Auto | Running]) -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (nsesvc [On_Demand | Running]) -- C:\Program Files\Norman\Nse\bin\NSESVC.EXE (Norman ASA)
SRV - (NUAA [On_Demand | Running]) -- C:\Program Files\Norman\npc\bin\nuaa.exe (Norman ASA)
SRV - (nvcoas [On_Demand | Running]) -- C:\Program Files\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (NVCScheduler [On_Demand | Stopped]) -- File not found
SRV - (NVOY [Auto | Running]) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OsdService [Auto | Running]) -- C:\Program Files\OEM\OSD_1.12\OsdService.exe (TODO: <????>)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (Scheduler [On_Demand | Running]) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TestHandler [Auto | Running]) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ahcix86s [Disabled | Stopped]) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.).....

Maring 15.09.2009 18:34
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GpdDevDPort [On_Demand | Running]) -- C:\Windows\System32\directport.sys ()
DRV - (GpdKbFilter [On_Demand | Running]) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStor [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (JRAID [Disabled | Stopped]) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Ndiskio [Auto | Running]) -- C:\Program Files\Norman\Nse\bin\NDISKIO.SYS (Norman ASA)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NGS [System | Running]) -- c:\program files\norman\ngs\bin\ngs.sys (Norman ASA)
DRV - (NPROSEC [System | Running]) -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NvcMFlt [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvcv32mf.sys (Norman ASA)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PCTCore [Boot | Running]) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ssmdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Running]) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\S-1-5-21-3908193018-3707920992-2016897741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001\S-1-5-21-3908193018-3707920992-2016897741-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.lokalisten.de"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.04 14:35:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.31 11:52:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.15 01:18:43 | 00,000,000 | ---D | M]

[2009.08.31 11:52:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009.08.31 11:52:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.31 12:01:34 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eb5pgaz0.default\extensions
[2009.09.04 18:48:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.31 11:52:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.04 18:48:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.08.31 22:08:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2009.07.31 01:39:13 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.07.31 01:39:13 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.07.31 01:39:14 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008.10.14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009.07.31 00:59:14 | 00,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.07.31 00:59:14 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.07.31 01:39:06 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.07.31 00:59:14 | 00,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.07.31 00:59:14 | 00,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.07.31 00:59:14 | 00,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\RunOnce: [!BearShareFFPage] C:\Program Files\BearShare Applications\BearShare\FFPage.exe ()
O4 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000..\RunOnce: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\User\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation).......

Maring 15.09.2009 18:38
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3908193018-3707920992-2016897741-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.09.15 17:59:10 | 00,000,000 | ---D | C] -- C:\rsit
[2009.09.15 17:59:10 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009.09.15 17:57:12 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009.09.15 17:57:09 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.09.15 17:57:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.09.15 17:57:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.09.15 17:57:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.09.15 17:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.09.15 17:51:04 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009.09.15 17:50:58 | 00,206,256 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009.09.15 17:50:58 | 00,086,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009.09.15 17:50:58 | 00,007,396 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009.09.15 17:50:53 | 00,001,751 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009.09.15 17:50:51 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009.09.15 17:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009.09.15 17:50:46 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools
[2009.09.15 17:50:46 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009.09.15 17:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009.09.15 17:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009.09.15 01:18:52 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009.09.15 01:18:32 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009.09.15 01:18:32 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.09.15 01:18:31 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009.09.15 01:18:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.09.15 01:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.09.15 00:54:38 | 00,000,000 | ---D | C] -- C:\Program Files\QUAD Utilities
[2009.09.15 00:46:13 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Registry Booster
[2009.09.15 00:35:37 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Uniblue
[2009.09.12 20:42:18 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009.09.11 21:56:24 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.09.11 21:56:24 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.09.11 21:56:24 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009.09.11 21:56:24 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.09.11 21:56:24 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.09.11 21:56:23 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009.09.11 21:56:23 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009.09.11 21:56:23 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.09.11 21:56:23 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.09.11 21:56:23 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.09.11 21:56:23 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.09.11 21:56:23 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.09.11 21:56:23 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.09.11 21:56:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.09.11 21:56:22 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.09.11 21:56:22 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009.09.11 21:56:22 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.09.11 21:56:22 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.09.11 21:56:22 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.09.11 21:56:21 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.09.11 21:56:21 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.09.11 21:55:02 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009.09.11 21:55:02 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009.09.11 21:55:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009.09.11 21:55:02 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009.09.11 21:55:02 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009.09.11 21:55:02 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009.09.11 21:55:02 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009.09.11 21:55:02 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009.09.11 21:55:02 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009.09.11 21:55:01 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009.09.11 21:55:01 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.09.11 21:55:01 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009.09.11 21:55:01 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009.09.11 21:55:01 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009.09.11 21:55:01 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009.09.11 21:55:00 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.09.11 21:55:00 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.09.11 21:55:00 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009.09.11 21:55:00 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009.09.11 21:55:00 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009.09.11 21:55:00 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009.09.11 21:55:00 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009.09.11 21:55:00 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009.09.11 21:54:59 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009.09.11 21:54:59 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009.09.11 21:54:58 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009.09.11 21:54:58 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.09.11 21:54:58 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009.09.11 21:54:58 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009.09.11 21:54:58 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009.09.11 21:54:58 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009.09.11 21:54:58 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009.09.11 21:54:58 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009.09.11 21:53:02 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Help
[2009.09.09 12:35:06 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FunkyEmoticons
[2009.09.09 12:34:53 | 00,441,645 | ---- | C] () -- C:\Users\User\AppData\Local\jnbebe_nav.dat
[2009.09.09 12:34:22 | 00,003,222 | ---- | C] () -- C:\Users\User\AppData\Local\jnbebe.dat
[2009.09.09 12:34:22 | 00,001,404 | ---- | C] () -- C:\Users\User\AppData\Local\jnbebe_navps.dat

Maring 15.09.2009 18:39
[2009.09.09 12:34:22 | 00,000,088 | ---- | C] () -- C:\Users\User\AppData\Local\jnbebe.bat
[2009.09.09 12:34:22 | 00,000,000 | ---D | C] -- C:\Program Files\FunkyEmoticons
[2009.09.09 10:40:37 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009.09.09 10:40:36 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009.09.09 10:40:36 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009.09.09 10:40:36 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009.09.09 10:40:36 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009.09.09 10:40:36 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009.09.09 10:40:36 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009.09.09 10:40:36 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009.09.09 10:40:36 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009.09.09 10:40:35 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009.09.09 10:40:25 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009.09.09 10:40:24 | 00,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009.09.09 10:40:24 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009.09.09 10:40:24 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009.09.09 10:40:24 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009.09.09 10:40:17 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009.09.09 10:40:17 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009.09.05 21:12:33 | 00,000,771 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2009.09.05 21:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\epson
[2009.09.05 20:54:41 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009.09.05 20:54:18 | 00,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2009.09.05 20:54:16 | 00,076,800 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBCEE.DLL
[2009.09.05 20:54:15 | 00,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BCEE.DLL
[2009.09.05 20:52:46 | 00,067,072 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2009.09.04 21:26:36 | 00,002,736 | ---- | C] () -- C:\Windows\System32\dossec.tlb
[2009.09.04 21:26:36 | 00,001,636 | ---- | C] () -- C:\Users\User\Desktop\Direkt Downloaden.lnk
[2009.09.04 21:26:35 | 00,000,000 | ---D | C] -- C:\Program Files\divx
[2009.09.04 18:49:54 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.04 18:47:59 | 00,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.09.04 18:47:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.09.04 18:47:58 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009.09.04 18:47:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009.09.03 23:26:24 | 00,000,009 | ---- | C] () -- C:\Windows\System32\dossec.cfg
[2009.09.03 15:32:10 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009.09.03 15:32:10 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009.09.01 10:16:18 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.09.01 10:02:53 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.01 10:02:53 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009.09.01 10:02:53 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.01 10:02:53 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009.09.01 10:02:52 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009.09.01 10:02:52 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009.09.01 10:02:52 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009.09.01 10:02:52 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009.09.01 10:02:52 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009.09.01 10:02:52 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009.09.01 10:02:52 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009.09.01 10:02:52 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009.09.01 10:02:52 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009.09.01 10:02:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009.09.01 10:02:52 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009.09.01 10:02:52 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009.09.01 10:02:52 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009.09.01 10:02:52 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009.09.01 10:02:52 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009.09.01 10:02:51 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009.09.01 10:02:51 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009.09.01 10:02:51 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009.09.01 10:02:51 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009.09.01 10:02:51 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009.09.01 10:02:51 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009.09.01 10:02:51 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009.09.01 10:02:51 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009.09.01 10:02:51 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009.09.01 10:02:51 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009.09.01 10:02:51 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009.09.01 10:02:51 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009.09.01 09:43:32 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009.09.01 09:43:31 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009.09.01 09:43:30 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009.09.01 09:43:30 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009.09.01 09:43:30 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009.09.01 09:43:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009.09.01 09:43:28 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009.09.01 09:43:27 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009.09.01 09:38:13 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009.09.01 09:38:12 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009.09.01 09:38:11 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009.09.01 09:38:06 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009.09.01 09:38:04 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009.09.01 09:37:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009.08.31 22:42:41 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009.08.31 22:42:41 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009.08.31 22:42:39 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009.08.31 22:42:35 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009.08.31 22:42:35 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009.08.31 22:42:30 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009.08.31 22:42:27 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009.08.31 22:42:19 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009.08.31 22:38:27 | 00,000,853 | ---- | C] () -- C:\Users\User\Desktop\UnZip Me.lnk
[2009.08.31 22:38:26 | 01,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2009.08.31 22:38:26 | 00,150,016 | ---- | C] (Info-ZIP) -- C:\Windows\System32\Unzip32.dll
[2009.08.31 22:38:26 | 00,141,312 | ---- | C] (Info-ZIP) -- C:\Windows\System32\zip32.dll
[2009.08.31 22:38:26 | 00,000,000 | ---D | C] -- C:\Program Files\Camtech
[2009.08.31 22:08:42 | 00,076,407 | ---- | C] () -- C:\Users\User\AppData\Roaming\Smiley.ico
[2009.08.31 22:08:39 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\BearShare.lnk
[2009.08.31 22:08:24 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\BearShare
[2009.08.31 22:08:22 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\Windows\System32\actskn45.ocx
[2009.08.31 22:08:19 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2009.08.31 21:17:25 | 00,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009.08.31 20:52:41 | 00,000,000 | ---D | C] -- C:\desktop
[2009.08.31 20:38:19 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009.08.31 20:38:19 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009.08.31 20:38:19 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009.08.31 20:38:19 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009.08.31 20:38:19 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009.08.31 20:38:19 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009.08.31 20:38:19 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009.08.31 20:38:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009.08.31 20:37:37 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009.08.31 20:37:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009.08.31 20:37:37 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009.08.31 20:37:14 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.08.31 20:37:14 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.08.31 20:37:14 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.08.31 20:36:45 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009.08.31 20:36:41 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009.08.31 20:36:38 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.08.31 20:36:33 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009.08.31 20:36:33 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009.08.31 20:36:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009.08.31 20:36:33 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009.08.31 20:36:24 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009.08.31 20:36:21 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009.08.31 20:36:14 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009.08.31 20:36:08 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009.08.31 20:36:04 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009.08.31 20:36:04 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009.08.31 20:36:01 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009.08.31 20:35:54 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009.08.31 20:35:47 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009.08.31 20:34:49 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009.08.31 20:34:47 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009.08.31 20:34:45 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009.08.31 20:34:42 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009.08.31 20:34:18 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009.08.31 20:34:07 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009.08.31 20:33:58 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009.08.31 20:33:52 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009.08.31 20:33:52 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009.08.31 20:33:52 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.08.31 20:33:52 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009.08.31 20:33:52 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009.08.31 20:33:52 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009.08.31 20:33:52 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009.08.31 20:33:52 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009.08.31 20:33:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009.08.31 20:33:52 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009.08.31 12:18:46 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009.08.31 12:18:46 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009.08.31 12:18:45 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009.08.31 12:18:44 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009.08.31 12:18:44 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll

Maring 15.09.2009 18:40
[2009.08.31 12:18:44 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009.08.31 12:18:44 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009.08.31 12:18:44 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.08.31 12:18:41 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009.08.31 12:18:41 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009.08.31 12:18:40 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009.08.31 12:18:40 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009.08.31 12:18:39 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.08.31 12:18:39 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009.08.31 12:18:39 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009.08.31 12:18:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009.08.31 12:18:28 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009.08.31 12:17:38 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009.08.31 12:17:38 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009.08.31 12:16:58 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009.08.31 12:16:58 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009.08.31 12:16:58 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009.08.31 12:16:58 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009.08.31 12:16:58 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009.08.31 12:16:58 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009.08.31 12:16:57 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009.08.31 12:16:55 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009.08.31 12:16:54 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009.08.31 12:04:44 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009.08.31 12:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009.08.31 12:01:24 | 00,001,038 | ---- | C] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
[2009.08.31 12:01:24 | 00,000,000 | ---D | C] -- C:\Users\User\Documents\DVDVideoSoft
[2009.08.31 12:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2009.08.31 12:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009.08.31 12:01:14 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009.08.31 12:01:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009.08.31 12:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009.08.31 11:58:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009.08.31 11:52:36 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2009.08.31 11:52:36 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2009.08.31 11:52:27 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.08.31 11:52:24 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009.08.31 11:44:36 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009.08.31 11:44:36 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009.08.31 11:44:36 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009.08.31 11:44:36 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009.08.31 11:44:25 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009.08.31 11:44:25 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009.08.31 11:44:25 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009.08.31 11:44:19 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009.08.31 11:44:19 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009.08.30 20:56:04 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009.08.29 09:51:06 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009.08.26 23:27:39 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2009.08.26 23:27:39 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2009.08.26 23:27:13 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Fujitsu Siemens Computers
[2009.08.26 23:21:20 | 00,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 23:20:02 | 00,000,000 | ---D | C] -- C:\Users\User\Documents\CyberLink
[2009.08.25 23:20:01 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\CyberLink
[2009.08.25 23:19:50 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Google
[2009.08.25 20:34:23 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2009.08.25 20:30:31 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Games
[2009.08.20 18:22:49 | 00,000,000 | ---D | C] -- C:\ProgramData\HDBR31
[2009.06.16 14:03:58 | 00,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.06.16 14:03:56 | 00,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.05.22 12:20:54 | 00,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.04.25 14:23:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2007.11.21 10:31:26 | 00,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2006.11.02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 12:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009.09.15 18:12:50 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.09.15 18:12:50 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.09.15 18:12:50 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.09.15 18:12:50 | 00,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.09.15 18:12:50 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.09.15 18:07:39 | 00,079,203 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.09.15 18:07:39 | 00,079,203 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.09.15 18:06:23 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.09.15 18:06:23 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.09.15 18:06:22 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.09.15 18:06:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.09.15 18:06:11 | 32,156,13952 | -HS- | M] () -- C:\hiberfil.sys
[2009.09.15 17:57:09 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.09.15 17:50:53 | 00,001,751 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009.09.15 01:18:52 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009.09.11 22:17:06 | 00,295,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.09.10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.09.10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.09.09 12:49:35 | 00,003,222 | ---- | M] () -- C:\Users\User\AppData\Local\jnbebe.dat
[2009.09.09 12:49:30 | 00,001,404 | ---- | M] () -- C:\Users\User\AppData\Local\jnbebe_navps.dat
[2009.09.09 12:34:24 | 00,441,645 | ---- | M] () -- C:\Users\User\AppData\Local\jnbebe_nav.dat
[2009.09.09 12:34:22 | 00,000,088 | ---- | M] () -- C:\Users\User\AppData\Local\jnbebe.bat
[2009.09.08 22:55:09 | 00,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.09.05 21:12:33 | 00,000,771 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2009.09.04 21:28:10 | 00,002,736 | ---- | M] () -- C:\Windows\System32\dossec.tlb
[2009.09.04 21:28:10 | 00,001,636 | ---- | M] () -- C:\Users\User\Desktop\Direkt Downloaden.lnk
[2009.09.04 18:49:54 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009.09.03 23:26:24 | 00,000,009 | ---- | M] () -- C:\Windows\System32\dossec.cfg
[2009.08.31 22:38:27 | 00,000,853 | ---- | M] () -- C:\Users\User\Desktop\UnZip Me.lnk
[2009.08.31 22:08:39 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\BearShare.lnk
[2009.08.31 21:17:25 | 00,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009.08.31 20:51:18 | 02,314,448 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009.08.31 20:50:48 | 00,002,483 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
[2009.08.31 12:01:24 | 00,001,038 | ---- | M] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
[2009.08.31 11:52:27 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.08.30 20:56:04 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009.08.28 14:39:07 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009.08.28 14:38:22 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.08.28 12:15:30 | 04,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009.08.26 23:21:23 | 00,003,584 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.24 14:05:06 | 00,206,256 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009.08.19 11:01:26 | 00,086,888 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Maring 15.09.2009 18:42
so jetzt Malwarebytes (oh ist das alles kompliziert ^^)

Malwarebytes' Anti-Malware 1.41
Database version: 2804
Windows 6.0.6001 Service Pack 1

15.09.2009 19:23:31
mbam-log-2009-09-15 (19-23-31).txt

Scan type: Quick Scan
Objects scanned: 84005
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Maring 15.09.2009 18:45
und das willst du dir wirklich antun?
du hast echt eine trophäe verdient ^^

so jetzt noch der letzte


Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-09-15 19:42:39
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 142 GB (72%) free of 197 GB
Total RAM: 3066 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:44, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\OEM\OSD_1.12\OsdService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\npc\bin\npcsvc32.exe
C:\Program Files\Norman\Nse\bin\NSESVC.EXE
C:\Program Files\Norman\npc\bin\nuaa.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\RunOnce: [!BearShareFFPage] C:\Program Files\BearShare Applications\BearShare\FFPage.exe http://search.bearshare.com/
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3908193018-3707920992-2016897741-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Jana Maring Inday')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OSD.lnk = ?
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program Files\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program Files\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 13027 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll [2009-05-04 398776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-05-22 2427968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-05-22 2427968]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2009-05-04 529848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-23 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-23 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-25 6111232]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-22 29744]
"FSCRecovery"=c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe [2008-05-08 268096]
"Norman ZANDA"=C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2009-02-11 187504]
"NPCTray"=C:\Program Files\Norman\npc\bin\npc_tray.exe [2007-09-17 126008]

Maring 15.09.2009 18:46
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"funkyemoticons"=C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe [2009-08-18 283360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"Uniblue RegistryBooster 2"=c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe []
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"!BearShareFFPage"=C:\Program Files\BearShare Applications\BearShare\FFPage.exe [2009-02-17 24576]
"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe delay 20000 []

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OSD.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-15 17:59:10 ----D---- C:\rsit
2009-09-15 17:59:10 ----D---- C:\Program Files\trend micro
2009-09-15 17:57:12 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-15 17:57:05 ----D---- C:\ProgramData\Malwarebytes
2009-09-15 17:57:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-15 17:50:51 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-15 17:50:46 ----D---- C:\Users\User\AppData\Roaming\PC Tools
2009-09-15 17:50:46 ----D---- C:\ProgramData\PC Tools
2009-09-15 17:50:46 ----D---- C:\Program Files\Spyware Doctor
2009-09-15 17:50:34 ----AD---- C:\ProgramData\TEMP
2009-09-15 01:18:28 ----D---- C:\ProgramData\Avira
2009-09-15 01:18:28 ----D---- C:\Program Files\Avira
2009-09-15 00:54:38 ----D---- C:\Program Files\QUAD Utilities
2009-09-15 00:46:13 ----D---- C:\Users\User\AppData\Roaming\Registry Booster
2009-09-15 00:35:37 ----D---- C:\Users\User\AppData\Roaming\Uniblue
2009-09-12 20:42:18 ----A---- C:\Windows\system32\jscript.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\occache.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-11 21:56:24 ----A---- C:\Windows\system32\iepeers.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\wininet.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-11 21:56:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\ieui.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iesetup.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iertutil.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\iernonce.dll
2009-09-11 21:56:23 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-11 21:56:22 ----A---- C:\Windows\system32\urlmon.dll
2009-09-11 21:56:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-11 21:56:22 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-11 21:56:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-11 21:56:21 ----A---- C:\Windows\system32\mshtml.dll
2009-09-11 21:56:21 ----A---- C:\Windows\system32\ieframe.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\msls31.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\imgutil.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\icardie.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\corpol.dll
2009-09-11 21:55:02 ----A---- C:\Windows\system32\admparse.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\msrating.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\inseng.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-11 21:55:01 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-11 21:55:00 ----A---- C:\Windows\system32\wextract.exe
2009-09-11 21:55:00 ----A---- C:\Windows\system32\webcheck.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\mstime.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\ieakui.dll
2009-09-11 21:55:00 ----A---- C:\Windows\system32\advpack.dll
2009-09-11 21:54:59 ----A---- C:\Windows\system32\vbscript.dll
2009-09-11 21:54:59 ----A---- C:\Windows\system32\url.dll
2009-09-11 21:54:58 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\mshta.exe
2009-09-11 21:54:58 ----A---- C:\Windows\system32\iexpress.exe
2009-09-09 12:35:06 ----D---- C:\Users\User\AppData\Roaming\FunkyEmoticons
2009-09-09 12:34:22 ----D---- C:\Program Files\FunkyEmoticons
2009-09-09 10:40:36 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 10:40:36 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 10:40:36 ----A---- C:\Windows\system32\finger.exe
2009-09-09 10:40:36 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 10:40:35 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 10:40:24 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 10:40:17 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 10:40:17 ----A---- C:\Windows\system32\mf.dll
2009-09-05 21:12:32 ----D---- C:\Program Files\epson
2009-09-05 20:54:41 ----D---- C:\ProgramData\EPSON
2009-09-05 20:54:18 ----A---- C:\Windows\system32\E_DCINST.DLL
2009-09-05 20:54:16 ----A---- C:\Windows\system32\E_FLBCEE.DLL
2009-09-05 20:54:15 ----A---- C:\Windows\system32\E_FD4BCEE.DLL
2009-09-05 20:52:46 ----A---- C:\Windows\system32\escwiad.dll
2009-09-04 21:26:35 ----D---- C:\Program Files\divx
2009-09-04 18:47:59 ----D---- C:\Program Files\Common Files\Skype
2009-09-04 18:47:58 ----RD---- C:\Program Files\Skype
2009-09-04 18:47:55 ----D---- C:\ProgramData\Skype
2009-09-03 15:32:10 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-03 15:32:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-01 10:16:18 ----A---- C:\Windows\system32\tzres.dll
2009-09-01 10:02:53 ----A---- C:\Windows\system32\msshooks.dll
2009-09-01 10:02:53 ----A---- C:\Windows\system32\msscb.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\wsepno.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-01 10:02:52 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\propsys.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\propdefs.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\offfilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\msstrc.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\msshsq.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-01 10:02:52 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\tquery.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-01 10:02:51 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-01 10:02:51 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssvp.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssrch.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\mssph.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-01 10:02:51 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-01 09:43:32 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-01 09:43:31 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\icardres.dll
2009-09-01 09:43:30 ----A---- C:\Windows\system32\icardagt.exe
2009-09-01 09:43:28 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-01 09:43:27 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-01 09:38:13 ----A---- C:\Windows\system32\dfshim.dll
2009-09-01 09:38:12 ----A---- C:\Windows\system32\mscoree.dll
2009-09-01 09:38:11 ----A---- C:\Windows\system32\netfxperf.dll
2009-09-01 09:38:06 ----A---- C:\Windows\system32\mscorier.dll
2009-09-01 09:38:04 ----A---- C:\Windows\system32\mscories.dll
2009-09-01 09:37:11 ----D---- C:\Program Files\MSXML 4.0
2009-08-31 22:42:41 ----A---- C:\Windows\system32\EncDec.dll
2009-08-31 22:42:39 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-31 22:42:30 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-31 22:42:27 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-31 22:42:19 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-31 22:38:26 ----D---- C:\Program Files\Camtech
2009-08-31 22:38:26 ----A---- C:\Windows\system32\zip32.dll
2009-08-31 22:38:26 ----A---- C:\Windows\system32\Unzip32.dll
2009-08-31 22:08:19 ----D---- C:\Program Files\BearShare Applications
2009-08-31 20:52:41 ----D---- C:\desktop
2009-08-31 20:38:19 ----A---- C:\Windows\system32\wdigest.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\secur32.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\schannel.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\lsass.exe
2009-08-31 20:38:19 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-31 20:38:19 ----A---- C:\Windows\system32\kerberos.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\kernel32.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\apilogen.dll
2009-08-31 20:37:37 ----A---- C:\Windows\system32\amxread.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-31 20:37:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-31 20:36:45 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-08-31 20:36:41 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\t2embed.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\fontsub.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\dciman32.dll
2009-08-31 20:36:33 ----A---- C:\Windows\system32\atmfd.dll
2009-08-31 20:36:24 ----A---- C:\Windows\system32\winhttp.dll
2009-08-31 20:36:21 ----A---- C:\Windows\system32\atl.dll
2009-08-31 20:36:14 ----A---- C:\Windows\system32\gdi32.dll
2009-08-31 20:36:04 ----A---- C:\Windows\system32\xolehlp.dll
2009-08-31 20:36:04 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-31 20:36:01 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-31 20:35:54 ----A---- C:\Windows\system32\mstscax.dll
2009-08-31 20:35:47 ----A---- C:\Windows\system32\es.dll
2009-08-31 20:34:49 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-31 20:34:47 ----A---- C:\Windows\system32\msxml3.dll
2009-08-31 20:34:45 ----A---- C:\Windows\system32\netapi32.dll
2009-08-31 20:34:42 ----A---- C:\Windows\system32\shell32.dll
2009-08-31 20:34:18 ----A---- C:\Windows\system32\localspl.dll
2009-08-31 20:34:07 ----A---- C:\Windows\system32\avifil32.dll
2009-08-31 20:33:58 ----A---- C:\Windows\explorer.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\rpcss.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iashost.exe
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-31 20:33:52 ----A---- C:\Windows\system32\iasads.dll
2009-08-31 12:18:46 ----A---- C:\Windows\system32\wersvc.dll
2009-08-31 12:18:46 ----A---- C:\Windows\system32\Faultrep.dll
2009-08-31 12:18:45 ----A---- C:\Windows\system32\win32spl.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\dataclen.dll
2009-08-31 12:18:44 ----A---- C:\Windows\system32\cdd.dll
2009-08-31 12:18:41 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-31 12:18:41 ----A---- C:\Windows\system32\wmp.dll
2009-08-31 12:18:40 ----A---- C:\Windows\system32\spwmp.dll
2009-08-31 12:18:40 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-31 12:18:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-31 12:17:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-31 12:17:38 ----A---- C:\Windows\system32\logagent.exe
2009-08-31 12:16:58 ----A---- C:\Windows\system32\wshext.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\wscript.exe
2009-08-31 12:16:58 ----A---- C:\Windows\system32\scrrun.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\scrobj.dll
2009-08-31 12:16:58 ----A---- C:\Windows\system32\cscript.exe
2009-08-31 12:16:57 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-31 12:16:55 ----A---- C:\Windows\system32\connect.dll
2009-08-31 12:16:54 ----A---- C:\Windows\system32\rpcrt4.dll
2009-08-31 12:04:44 ----A---- C:\Windows\system32\msxml6.dll
2009-08-31 12:01:30 ----D---- C:\Program Files\Microsoft
2009-08-31 12:01:15 ----D---- C:\Program Files\DVDVideoSoft
2009-08-31 12:01:15 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-08-31 12:01:06 ----D---- C:\Program Files\Windows Live SkyDrive
2009-08-31 12:00:44 ----D---- C:\Program Files\Windows Live
2009-08-31 11:58:21 ----D---- C:\Program Files\Common Files\Windows Live
2009-08-31 11:52:36 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2009-08-31 11:52:24 ----D---- C:\Program Files\Mozilla Firefox
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wups2.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wucltux.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wuaueng.dll
2009-08-31 11:44:36 ----A---- C:\Windows\system32\wuauclt.exe
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wups.dll
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wudriver.dll
2009-08-31 11:44:25 ----A---- C:\Windows\system32\wuapi.dll
2009-08-31 11:44:19 ----A---- C:\Windows\system32\wuwebv.dll
2009-08-31 11:44:19 ----A---- C:\Windows\system32\wuapp.exe
2009-08-29 09:51:06 ----SHD---- C:\Windows\ftpcache
2009-08-26 23:27:39 ----D---- C:\Users\User\AppData\Roaming\Adobe
2009-08-25 23:20:01 ----D---- C:\Users\User\AppData\Roaming\CyberLink
2009-08-25 23:19:50 ----D---- C:\Users\User\AppData\Roaming\Google
2009-08-25 20:34:23 ----D---- C:\Users\User\AppData\Roaming\Macromedia
2009-08-20 18:22:49 ----D---- C:\ProgramData\HDBR31

Maring 15.09.2009 18:48
======List of files/folders modified in the last 1 months======

2009-09-15 19:42:41 ----D---- C:\Windows\Temp
2009-09-15 18:12:50 ----D---- C:\Windows\System32
2009-09-15 18:12:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-15 18:12:49 ----D---- C:\Windows\inf
2009-09-15 18:07:35 ----RSD---- C:\Windows\assembly
2009-09-15 18:07:23 ----D---- C:\Windows\system32\drivers
2009-09-15 18:06:19 ----D---- C:\Program Files\Norman
2009-09-15 18:06:10 ----HD---- C:\ProgramData
2009-09-15 17:59:10 ----RD---- C:\Program Files
2009-09-15 17:50:51 ----D---- C:\Program Files\Common Files
2009-09-15 16:28:46 ----SHD---- C:\Windows\Installer
2009-09-15 01:18:42 ----SD---- C:\Windows\Downloaded Program Files
2009-09-15 01:16:56 ----SHD---- C:\System Volume Information
2009-09-15 01:16:31 ----D---- C:\Windows\winsxs
2009-09-15 01:15:51 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-15 01:04:52 ----SD---- C:\ProgramData\Microsoft
2009-09-15 00:54:45 ----D---- C:\Windows
2009-09-15 00:54:40 ----D---- C:\Windows\system32\Tasks
2009-09-14 01:19:02 ----D---- C:\Windows\system32\catroot2
2009-09-13 03:16:24 ----D---- C:\ProgramData\Microsoft Help
2009-09-12 20:42:01 ----D---- C:\Windows\system32\catroot
2009-09-11 22:32:58 ----D---- C:\Windows\rescache
2009-09-11 22:15:22 ----D---- C:\Windows\system32\migration
2009-09-11 22:15:22 ----D---- C:\Windows\system32\de-DE
2009-09-11 22:15:22 ----D---- C:\Program Files\Internet Explorer
2009-09-11 22:15:21 ----D---- C:\Windows\system32\en-US
2009-09-11 22:15:21 ----D---- C:\Windows\PolicyDefinitions
2009-09-11 21:57:58 ----D---- C:\Windows\Debug
2009-09-11 21:52:15 ----RSD---- C:\Windows\Fonts
2009-09-11 17:15:04 ----D---- C:\Windows\Prefetch
2009-09-11 03:04:01 ----D---- C:\Program Files\Windows Mail
2009-09-10 20:31:36 ----D---- C:\Windows\ehome
2009-09-08 20:40:14 ----D---- C:\Big Fish Games
2009-09-05 20:53:11 ----D---- C:\Windows\twain_32
2009-09-04 23:06:53 ----D---- C:\Windows\AppPatch
2009-09-04 19:29:50 ----D---- C:\Windows\Microsoft.NET
2009-09-01 10:18:32 ----D---- C:\Windows\system32\wbem
2009-09-01 10:18:31 ----D---- C:\Windows\system32\manifeststore
2009-09-01 10:18:30 ----D---- C:\Program Files\Windows Media Player
2009-09-01 10:18:28 ----D---- C:\Windows\system32\XPSViewer
2009-09-01 10:12:56 ----D---- C:\Program Files\Microsoft Works
2009-09-01 09:37:00 ----D---- C:\Windows\SoftwareDistribution
2009-08-31 21:17:25 ----D---- C:\Program Files\Common Files\Adobe
2009-08-31 21:17:22 ----D---- C:\ProgramData\Adobe
2009-08-31 21:17:18 ----D---- C:\Program Files\Adobe
2009-08-31 12:02:30 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2009-08-28 14:38:22 ----A---- C:\Windows\system32\mrt.exe
2009-08-28 09:37:25 ----SHD---- C:\$Recycle.Bin
2009-08-28 09:36:54 ----RD---- C:\Users
2009-08-28 09:34:22 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712]
R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2009-04-21 53816]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 41456]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GpdDevDPort;GpdDevDPort; \??\C:\Windows\system32\directport.sys [2007-11-21 7168]
R3 GpdKbFilter;GpdKbFilter; \??\C:\Windows\system32\kbfiltr.sys [2008-03-31 8192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-25 2126688]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-23 7494976]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-30 308248]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696]
R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
R2 NVOY;Norman Resource Provider; C:\Program Files\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-23 196608]
R2 OsdService;OSD Service; C:\Program Files\OEM\OSD_1.12\OsdService.exe [2008-02-22 94208]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2009-04-17 274392]
R3 NPC;Norman Parental Control; C:\Program Files\Norman\npc\bin\npcsvc32.exe [2008-04-17 416880]
R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\Nse\bin\NSESVC.EXE [2009-05-19 310328]
R3 NUAA;Norman User Activity Agent; C:\Program Files\Norman\npc\bin\nuaa.exe [2009-03-24 121912]
R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2009-04-28 195640]
R3 Scheduler;Norman Scheduler Service; C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-03-17 130104]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-22 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 138168]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]

-----------------EOF-----------------

john.doe 15.09.2009 18:56
:o Da ist aber Einiges im Argen.

1.) Deinstalliere:
  • Google Toolbar for Internet Explorer
  • Windows Live Anmelde-Assistent
  • Norman Security Suite
  • Adobe Reader 8.1.3 - Deutsch
  • BearShare
  • MediaBar 2.0
  • Google Desktop (es sei denn, er wurde freiwillig installiert)
  • Favorit
  • Spyware Doctor 6.1
2.) Installiere (Toolbars immer abwählen, Haken weg):3.) Poste ein neues HJT-Log.

ciao, andreas

Maring 15.09.2009 19:16
also bis auf "Favorit" konnte ich alles deinstallieren (weis auch nicht wieso "Favorit" nicht ging)

Logfile of HijackThis v1.99.1
Scan saved at 20:15:04, on 15.09.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Maring 15.09.2009 19:18
hätte nicht gedacht dass ich so viele Fehler habe :)

danke ;)

john.doe 15.09.2009 19:30
Zitat:
also bis auf "Favorit" konnte ich alles deinstallieren (weis auch nicht wieso "Favorit" nicht ging)
Im HJT-Log ist zwar nichts mehr zu sehen, aber arbeite sicherheitshalber diese Anleitung ab => http://www.trojaner-board.de/69713-e...navipromo.html (nur der letzte Schritt)

Hinweis an Vista-Benutzer: Alle Programme mit Mausklick rechts => Ausführen als Administrator starten.

1.) Deinstalliere die Foxit-Toolbar.

2.) Schreibe einhundertmal an die Tafel: Ich werde keine Toolbars mehr installieren! :aufsmaul:

3.) Lade dir die aktuelle HJT-Version.

4.) Wische die Tafel wieder ab und schreibe einhundertmal: Ich werde nie wieder mit veralteten Programmversionen arbeiten! :aufsmaul:

5.) Norman | Uninstall Norman Virus Control

6.) Starte HJT => Do a system scan only => Markiere:
Code:
Alle R0, R1, O2, O3, O9 und O16-Einträge
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
=> Fix checked => Starte den Rechner neu => Poste ein neues HJT-Log

ciao, andreas

Maring 15.09.2009 19:54
okay ich habs 100 mal (insgesamt 200 mal ^^) auf die tafel geschrieben und mir hinter die ohren geschrieben :) undgemerkt ;)

hab rechner neu gestartet und das ist das ergebnis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:16, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5781 bytes


ist das besser ??? bitte nicht schimpfen :) ^^

john.doe 15.09.2009 20:05
Zitat:
ist das besser ??? bitte nicht schimpfen
Viel besser. http://www.cosgan.de/images/smilie/liebe/n020.gif

Vista ist toll. :)

1.) http://www.trojaner-board.de/72647-b...ktivieren.html

2.) Systemwiederherstellung deaktivieren

3.) Mausklick rechts auf HJT => Ausführen als Administrator => Do a system scan only => Markiere:
Code:
Alle R0, R1, O2, O3, O9 und O16-Einträge
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
=> Fix checked => Neustart => Neues HJT-Log posten.

4.) Aktiviere die Systemwiederherstellung.

5.) Aktiviere die Benutzerkontensteuerung.

ciao, andreas

Maring 15.09.2009 20:24
das freut mich dass ich keine schimpfe kriege ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:27, on 15.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jana Maring Inday\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E84708E0-B0D5-4420-887F-696F04AB8761}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.12\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5832 bytes

john.doe 15.09.2009 20:33
Jetzt darfst du mit mir schimpfen. Ich habe da etwas übersehen, das recht neu zu sein scheint. Bitte deinstalliere noch:
  • Funky Emoticons

Bitte in Zukunft vorsichtiger mit Downloads und Installationen sein. Grundsätzlich davon ausgehen, dass alles schädlich sein kann, dass du dir lädtst.

Start => Ausführen => cmd [Strg][Shift][Enter]
Code:
sc stop gusvc [Enter]
sc delete gusvc [Enter]
exit [Enter]
Du bist entlassen. :)

ciao, andreas

Maring 15.09.2009 21:10
okay ich merks mir... aber meine schwester ist auch schuld... ^^
ne ne ich nehm alles auf mich ^^

vielen vielen vielen lieben dank dir !!!!!!
;)

grüße maring


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131