Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   trojaner downloader win32/Renos.JW (https://www.trojaner-board.de/87721-trojaner-downloader-win32-renos-jw.html)

pauki 02.07.2010 09:55
trojaner downloader win32/Renos.JW
 
hallo!!

bräuchte dringend eure hilfe:

habe mir diese woche den trojaner downloader win 32/Renos.JW eingefangen..
er wird mir immer vom windows defender angezeigt und mir wird geraten, diesen zu entfernen; nachdem ich das jedoch getan habe, kommt die gleiche meldung nach etwa 20 minuten wieder..
antivir meldet keinen virus.
ich benutze auch regelmäßig den ccleaner.
deshalb ist nun meine frage an die experten:

wie werde ich diesen trojaner downloader wieder los bzw könnt ihr erkennen, ob noch mehr solcher mist auf meinem pc ist?
des weiteren würde ich gerne wissen, wo man sich solche downloader einfängt, ob durch mails oder im freien netz..
schon im voraus vielen dank für eure mühe

hier das hijackthis logfile:

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:15, on 02.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Video Web Camera\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Video Web Camera\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Raik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCTSYPBX\HiJackThis204[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0809&m=easynote_tj65
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0809&m=easynote_tj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0809&m=easynote_tj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1F0CF5-833F-4458-B4BA-C59CA9CC4EBC}: NameServer = 192.168.2.6,192.168.2.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9921 bytes
--- --- ---

cosinus 02.07.2010 11:25
Hallo und :hallo:

bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

pauki 02.07.2010 23:16
hallo arne,

vielen dank für die schnelle antwort :-)

hier das erste logfile von otl:

OTL Logfile:
Code:
OTL logfile created on: 02.07.2010 22:58:50 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 376,83 Gb Free Space | 82,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-LAPTOP
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe (Acer)
PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Programme\Video Web Camera\CEC_MAIN.exe (Chicony)
PRC - C:\Programme\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norton Internet Security) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.27 09:42:33 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.160.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aa605576-8b97-11de-8dfe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa605576-8b97-11de-8dfe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.02 22:56:37 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Raik\Desktop\OTL.exe
[2010.07.02 22:45:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.07.02 22:44:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.02 22:44:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.02 22:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.02 22:44:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.02 22:43:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HPAppData
[2010.06.24 22:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate
[2010.06.24 22:09:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010.06.24 21:19:26 | 000,000,000 | ---D | C] -- C:\Users\***\Dokumente\My Art
[2010.06.24 21:17:22 | 000,000,000 | ---D | C] -- C:\Users\***\Dokumente\My NPS Files
[2010.06.23 18:31:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.23 18:31:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.23 18:31:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 15:54:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.23 15:54:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.16 15:51:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[2010.06.16 15:51:07 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.06.09 19:02:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 19:01:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.09 19:01:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 19:01:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.09 19:01:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 19:01:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.09 19:01:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.09 19:01:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.09 19:01:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.09 19:01:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.09 19:01:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.09 19:01:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.09 19:01:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.09 19:01:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 19:01:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 19:01:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.09 19:01:46 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.09 19:01:39 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 19:01:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.06 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\Dokumente\Klausuren
[2010.06.05 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Engelmann Media
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.02 22:58:25 | 002,621,440 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.07.02 22:56:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.07.02 22:52:13 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.02 22:44:54 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.02 22:41:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.02 22:41:02 | 000,048,544 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.02 22:40:57 | 000,048,544 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.02 22:40:51 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.07.02 22:40:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.02 22:40:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.02 22:40:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.02 22:40:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.02 22:40:33 | 3215,818,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.02 11:50:47 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 11:50:47 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.02 11:50:41 | 002,072,332 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.07.02 08:41:38 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.02 08:41:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.02 08:41:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.02 08:41:38 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.02 08:41:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.02 07:54:02 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.01 16:52:34 | 000,010,720 | ---- | M] () -- C:\Users\***\Dokumente\tipps.docx
[2010.06.30 20:46:51 | 000,203,264 | ---- | M] () -- C:\Windows\Mkapea.exe
[2010.06.30 08:18:18 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.28 22:32:06 | 000,015,067 | ---- | M] () -- C:\Users\***\Dokumente\Mitschüler.xlsx
[2010.06.28 19:21:33 | 000,032,768 | ---- | M] () -- C:\Users\***\Dokumente\Finanzierung-28062010.doc
[2010.06.28 19:21:06 | 000,252,161 | ---- | M] () -- C:\Users\***\Dokumente\Kaufvorschlag-280610mB.pdf
[2010.06.26 22:11:54 | 000,012,806 | ---- | M] () -- C:\Users\***\Dokumente\passwörter.xlsx
[2010.06.26 17:55:20 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2010.06.13 11:03:01 | 000,176,640 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.09 23:48:37 | 000,000,000 | ---- | M] () -- C:\Windows\hpqEmlSz.INI
[2010.06.09 19:22:25 | 000,301,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.07.02 22:44:54 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.30 20:46:55 | 000,203,264 | ---- | C] () -- C:\Windows\Mkapea.exe
[2010.06.30 20:46:54 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.30 20:46:52 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.28 19:21:32 | 000,032,768 | ---- | C] () -- C:\Users\***\Dokumente\Finanzierung-28062010.doc
[2010.06.28 19:20:58 | 000,252,161 | ---- | C] () -- C:\Users\***\Dokumente\Kaufvorschlag-280610mB.pdf
[2010.06.26 17:55:33 | 000,010,720 | ---- | C] () -- C:\Users\***\Dokumente\tipps.docx
[2010.06.09 23:48:37 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010.05.24 10:36:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.24 10:36:06 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.13 16:21:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.13 16:21:18 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.20 09:32:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.13 22:16:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.18 03:52:47 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.04 21:35:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.03.04 21:35:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.03.04 21:35:53 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.03.04 21:35:53 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 17:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.01.31 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.06.05 10:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2010.07.02 11:50:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.10.28 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.10.13 21:18:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Packard Bell
[2010.05.24 11:01:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.05.24 10:35:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2009.10.14 11:32:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.12.13 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2009.12.09 16:04:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2010.07.02 11:50:50 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.02 22:52:13 | 000,000,244 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.02 22:40:51 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---




dann das zweite von otl:

OTL Logfile:
Code:
OTL Extras logfile created on: 02.07.2010 22:58:50 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 376,83 Gb Free Space | 82,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-LAPTOP
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3405011576-2756577293-1254122269-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26F417C7-69DE-48B4-B6E9-5B8E4196844E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{43CCC414-C02C-4006-82B8-9A8C07B0F01D}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00467F1E-586F-4B32-BC47-0D2884A7D5C0}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{00C320B9-7C83-424F-87BE-02F9C6A18737}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{122212C3-994B-416A-B1E8-B90BCE223B2C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1285658D-6121-420F-95E7-733A94800EA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{147EBB17-2B6A-44A2-83CA-D5CF2DC752EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AA18E4F-B2BF-49CB-B699-541CEBC0E2C4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1DF530D2-0F9F-43A8-B856-A1F553618FA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{23A0AAA9-8FE1-494E-B75F-3A45CEF425D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2765310B-1005-421D-88EE-B577626526D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{2CF2D3DB-B377-4ED4-BBA0-EF37702435B0}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{33A252B7-85B1-4539-B427-A8DBA9D9D21D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{37946747-9FB1-40FC-8076-873BA40AF932}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{3C269E0C-BD96-4986-8D10-7729F15A8496}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{495969BC-F0D4-4EE1-8BF1-159DE7B73ECC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A73B785-2D91-4F8C-89BC-873FD262BE07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4C47B5BF-2E48-4866-9249-656CDAF5CCDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F0DF085-7D16-4D7B-AD51-769D016F2898}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{664B3BA3-641F-4987-850D-3259CD880078}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A689121-FDAA-4777-A62C-879254524332}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{6D44C58C-7F8A-41E4-866F-6D1063D05DCE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{7E61B3AA-42A1-4C05-9A0E-C97396AD1651}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{7EF7DBFA-DD98-4A6E-BF71-EE30271772B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{818EB585-E7ED-4EB1-97A9-A4734C44A81B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{85EAFFB9-F669-4951-90D4-E9842687CACF}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8A7B7522-D73F-47C9-8CEB-7557F23DB616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{93045FC7-E875-4A54-83E9-F15504E10555}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{954F1335-4CDE-41E9-8B87-1445D6F36FC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9656A844-F6B1-495E-9B68-3D21B79998BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A0B2AC15-6508-4791-BF01-CD03C32A5C71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A44DA11E-E24A-43CC-8823-909F4445E71D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{ABE30988-DFF0-46A0-9FC7-C66FBBB26A6B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AEFC3354-7B0D-448B-B0E8-FD87430C1828}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AF83F5A6-2381-4E61-AC23-1FF1DEF6B107}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B69367FF-3DCE-42F8-AA1F-C5C0A50AB0B3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{B86FB281-4CF5-4B9E-8432-CBFD1C983CE5}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{BB730AC6-65E8-42C7-8FD7-4FAF10E35890}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BC1307C9-4694-4F13-9E06-31E0AB2D4169}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{C01619AB-07D8-4258-9804-00DC7B1BB97E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C4BEAA23-A1B1-41E6-8825-929D492435D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7034BAC-3E22-4E0D-B3EA-E5FBC233BD51}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{D20EE7C6-F574-4AB3-BB40-D582E306D20D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{D43D6778-6B02-4E48-98DE-A242ADD4C5E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D6CF8199-3526-4A67-A410-13926961C1D0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D72ABC0E-109A-4718-B3F4-EA1BFA42AC9B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{E3A57746-5986-47F6-8B49-0B6E77D4B308}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E9208D96-DDD0-42C0-9F41-3A41B9AD7B25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F66854CF-912B-4AF9-BBE0-0B05AF99F091}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0413C045-8178-4716-81C1-97637297F1E7}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{068FB375-E57C-45F8-9515-1489A4CACFF6}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{3060F671-B169-4578-B018-B4B67CFF3938}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{38BD3EC2-2B39-406B-B2D0-B09E92983002}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{4830D40F-B96F-4524-B817-ACD3917868FA}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{5511ADF9-EE18-4132-B790-26EC3188AB5D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8A004A3D-49A7-4222-AB9F-2BB3D2FC12CE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8A90FF3C-EFB9-4E30-9D31-7D5E00CDD54F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8BBD74AD-B8FA-47E6-8557-5F8D6F35EEBD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9DE570A2-9B4F-4DD5-A272-D68BDE857BAC}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"TCP Query User{CE6AF017-F803-43AD-B77E-171604199095}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{DEEF2AEE-27D1-429A-A747-D59367838BE7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{FF18C27C-D2C9-48A0-B1EA-D8DBE085DFF6}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"UDP Query User{4789D5E7-E5F3-4343-B841-D5B3C12DFAE5}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{52042F1F-53DA-4A4F-B4AF-608701135B35}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{64E6F21A-F40D-4783-BBB1-22F1859A6A56}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6D54A8AD-D5C2-4D98-8F7E-7DFAFC9F94F3}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"UDP Query User{6E7CD618-F785-45A7-89B0-805E3F5EC22C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{76A2DB7F-22AB-4F11-B4E6-0EBA9B80B77A}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{78971E6A-7E8D-40E8-BF1B-8912F6A010EB}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{93BF6B0D-8751-491B-91A6-E4BCF61C5D5F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9A249FB4-63B3-4104-8B88-81792E36F827}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A6A877D7-B50F-471A-B26E-0AAFA8ACAC30}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"UDP Query User{DB4EC5CD-4782-4AB1-A692-E92E152A6D40}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{DFC965CD-877C-49CF-BD4C-58259914B283}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E81216F6-2AC0-45A0-99DF-F7B618424680}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"SetupMyPC" = SetupMyPC
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updator" = Updator
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World Series of Poker TOC" = World Series of Poker: TOC
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2010 09:47:20 | Computer Name = Raik-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2010 09:47:20 | Computer Name = Raik-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2010 09:48:22 | Computer Name = Raik-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 23.06.2010 11:29:31 | Computer Name = Raik-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8,  Prozess-ID 0x15e4, Anwendungsstartzeit
 01cb12e8cf1172ad.
 
Error - 23.06.2010 16:43:54 | Computer Name = Raik-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2010 16:43:55 | Computer Name = Raik-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2010 16:43:55 | Computer Name = Raik-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2010 16:43:55 | Computer Name = Raik-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2010 16:44:01 | Computer Name = Raik-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 23.06.2010 17:15:23 | Computer Name = Raik-Laptop | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 25.10.2009 16:51:46 | Computer Name = Raik-Laptop | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.11.2009 13:48:07 | Computer Name = Raik-Laptop | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 08.02.2010 07:36:18 | Computer Name = Raik-Laptop | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 01.07.2010 14:03:32 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 01.07.2010 14:03:32 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.07.2010 01:54:56 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.07.2010 01:54:56 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.07.2010 01:55:29 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 02.07.2010 01:55:30 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.07.2010 16:42:09 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.07.2010 16:42:09 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.07.2010 16:42:57 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 02.07.2010 16:42:59 | Computer Name = Raik-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---



und dann noch das logfile von malwarebytes:

Zitat:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4269

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03.07.2010 00:13:33
mbam-log-2010-07-03 (00-13-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 278355
Laufzeit: 1 Stunde(n), 26 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
wünsche eine gute nacht..

lg raik

PS: bin bis montag mittag unterwegs, also bitte nicht wundern, wenn keine antwort folgt, aber das problem besteht leider auch dann noch ;-)

pauki 05.07.2010 16:18
kann mir denn keiner helfen ???

:nixda:

lg raik

cosinus 05.07.2010 18:39
Warum so ungeduldig?
Du hast doch geschrieben, dass Du bis heute Mittag unterwegs bist!
Es kommt auch hin und wieder vor, dass ich Stränge übersehe oder glaubst Du, Du bist der einzige der Hilfe will :balla:




Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)



Code:
:OTL
SRV - (Norton Internet Security) --  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
:Files
C:\Windows\tasks\*.*
C:\Windows\Mkapea.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

pauki 05.07.2010 19:13
hey arne!

tut mir leid, habe ja auch riesen respekt vor eurer arbeit hier :daumenhocund will niemand unter druck setzen...
aber wenn es um meinen pc geht, bin ich leider etwas ungeduldig..

hier das logfile:

Zitat:
All processes killed
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
C:\Windows\tasks\SA.DAT moved successfully.
File move failed. C:\Windows\tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
File\Folder C:\Windows\Mkapea.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 2775189 bytes
->Temporary Internet Files folder emptied: 49410989 bytes
->Java cache emptied: 50278890 bytes
->Flash cache emptied: 6582 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18628 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07052010_200500

Files\Folders moved on Reboot...
File move failed. C:\Windows\tasks\SCHEDLGU.TXT scheduled to be moved on reboot.

Registry entries deleted on Reboot...
das klingt jetzt so, als ob die infizierten registry einträge bzw dateien gelöscht worden sind...
des weiteren ist mir aufgefallen, dass der tr downloader auch vom windows defender nicht mehr angezeigt wird..:heilig:
liegt das auch daran?

lg raik

cosinus 05.07.2010 19:43
Zitat:
aber wenn es um meinen pc geht, bin ich leider etwas ungeduldig..
Dann musst Du konsequent sein und einen Vor-Ort-Service bezahlen...da bezahlst Du dafür, dass die schnell das Problem lösen. Aber Foren und Ungeduld sind zwei Dinge, die nicht zusammenpassen.



Mach jetzt mal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

pauki 05.07.2010 20:10
hier das file:

Combofix Logfile:
Code:
ComboFix 10-07-04.04 - *** 05.07.2010  20:57:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1882 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Local\TempDIR
c:\users\***\AppData\Local\TempDIR\WindowsXP-KB893357-v2-x86-DEU.exe
c:\users\***\AppData\Local\TempDIR\WindowsXP-KB917021-v3-x86-DEU.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-05 bis 2010-07-05  ))))))))))))))))))))))))))))))
.

2010-07-05 19:03 . 2010-07-05 19:03        --------        d-----w-        c:\users\***\AppData\Local\temp
2010-07-05 19:03 . 2010-07-05 19:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-05 18:39 . 2010-07-05 18:39        --------        d-----w-        c:\users\***\AppData\Roaming\HPAppData
2010-07-05 18:05 . 2010-07-05 18:05        --------        d-----w-        C:\_OTL
2010-07-02 20:45 . 2010-07-02 20:45        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-07-02 20:44 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 20:44 . 2010-07-02 20:44        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-02 20:44 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-02 20:44 . 2010-07-02 20:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-24 20:10 . 2010-06-25 06:28        --------        d-----w-        c:\users\***\AppData\Roaming\HpUpdate
2010-06-24 20:09 . 2010-06-24 20:09        --------        d-----w-        c:\windows\Hewlett-Packard
2010-06-23 16:31 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:31 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-23 16:31 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-23 16:31 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-23 16:31 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 13:54 . 2010-04-16 16:43        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-06-23 13:54 . 2010-04-16 14:39        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-16 13:51 . 2010-06-16 13:51        --------        d-----w-        c:\users\***\AppData\Local\AOL
2010-06-16 13:51 . 2010-06-16 13:56        --------        d-----w-        c:\program files\ICQ7.2
2010-06-09 17:02 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 18:31 . 2009-10-13 20:23        --------        d-----w-        c:\users\***\AppData\Roaming\Skype
2010-07-05 18:06 . 2009-08-18 01:38        48544        ----a-w-        c:\programdata\nvModes.dat
2010-07-05 18:03 . 2009-10-13 21:29        --------        d-----w-        c:\users\***\AppData\Roaming\ICQ
2010-07-05 15:22 . 2009-10-13 20:25        --------        d-----w-        c:\users\***\AppData\Roaming\skypePM
2010-07-02 06:41 . 2009-03-26 01:15        628742        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-02 06:41 . 2009-03-26 01:15        126454        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-24 20:11 . 2009-11-05 13:00        --------        d-----w-        c:\program files\HP
2010-06-23 16:32 . 2009-03-25 17:36        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-16 13:51 . 2009-10-13 21:28        --------        d-----w-        c:\program files\ICQ6.5
2010-06-16 13:51 . 2009-03-04 19:46        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-06-09 21:46 . 2009-11-05 12:58        --------        d-----w-        c:\programdata\HP
2010-06-09 17:20 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-06-09 17:08 . 2009-03-25 17:35        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-05 08:42 . 2010-06-05 08:42        --------        d-----w-        c:\users\***\AppData\Roaming\Engelmann Media
2010-06-04 11:17 . 2009-10-20 09:49        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-05-30 08:53 . 2010-05-30 08:53        --------        d-----w-        c:\program files\Common Files\Skype
2010-05-28 16:56 . 2009-10-13 20:13        --------        d-----w-        c:\program files\CCleaner
2010-05-27 08:08 . 2009-10-13 16:56        72208        ----a-w-        c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 07:42 . 2010-05-27 07:42        23685        ----a-w-        c:\windows\hpqins15.dat
2010-05-27 07:40 . 2010-05-27 07:37        78209        ----a-w-        c:\windows\hpqins05.dat
2010-05-27 07:39 . 2010-05-27 07:39        --------        d-----w-        c:\programdata\HP Product Assistant
2010-05-26 17:06 . 2010-06-09 17:01        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 17:01        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-24 15:44 . 2010-05-24 15:41        --------        d-----w-        c:\program files\Common Files\InstallShield
2010-05-24 09:01 . 2010-05-24 09:01        --------        d-----w-        c:\programdata\PC Suite
2010-05-24 09:01 . 2010-05-24 09:01        --------        d-----w-        c:\users\***\AppData\Roaming\PC Suite
2010-05-24 08:58 . 2010-05-24 08:58        --------        d-----w-        c:\program files\MarkAnyContentSAFER
2010-05-24 08:57 . 2007-10-25 15:26        5632        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2010-05-24 08:56 . 2010-05-24 08:46        89280248        ----a-w-        c:\users\***\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-05-24 08:46 . 2010-05-24 08:34        --------        d-----w-        c:\program files\Samsung
2010-05-24 08:46 . 2010-05-24 08:46        --------        d-----w-        c:\program files\DIFX
2010-05-24 08:46 . 2010-05-24 08:35        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-05-24 08:35 . 2010-05-24 08:35        --------        d-----w-        c:\users\***\AppData\Roaming\Samsung
2010-05-24 08:35 . 2010-05-24 08:35        --------        d-----w-        c:\program files\MarkAny
2010-05-24 08:31 . 2009-03-25 17:50        --------        d-----w-        c:\program files\Common Files\Adobe
2010-05-21 12:14 . 2009-10-14 10:02        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-19 16:56 . 2010-05-19 16:43        188740        ----a-w-        c:\windows\hpoins28.dat
2010-05-04 05:59 . 2010-06-09 17:01        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 17:01        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 17:01        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 17:01        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 17:01        2037248        ----a-w-        c:\windows\system32\win32k.sys
2010-04-30 21:27 . 2010-04-30 21:27        680        ----a-w-        c:\users\***\AppData\Local\d3d9caps.dat
2010-04-23 14:13 . 2010-05-26 07:46        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 13:54        173056        ----a-w-        c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 13:54        458752        ----a-w-        c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 13:54        542720        ----a-w-        c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 13:54        2159616        ----a-w-        c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-04-22 20:06        411368        ----a-w-        c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-24 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-22 13785632]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2009-03-10 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-05-26 254720]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-06-23 440864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,05,15,64,64,51,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3405011576-2756577293-1254122269-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [2009-06-23 707104]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-05-26 62208]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-12-29 3715072]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0809&m=easynote_tj65
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: {3D1F0CF5-833F-4458-B4BA-C59CA9CC4EBC} = 192.168.2.6,192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-hpqSRMon - (no file)
HKLM-Run-NPSStartup - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-05 21:03
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-07-05  21:05:32
ComboFix-quarantined-files.txt  2010-07-05 19:05

Vor Suchlauf: 7 Verzeichnis(se), 402.563.407.872 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 402.499.645.440 Bytes frei

- - End Of File - - EB35CBE51ED711DCE174C85F86AF986C
--- --- ---



lg raik

cosinus 05.07.2010 20:21
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

pauki 06.07.2010 20:57
da scheint doch noch etwas auf meinem laptop zu sein:

hier malwarebytes:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4279

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

05.07.2010 22:48:31
mbam-log-2010-07-05 (22-48-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 279985
Laufzeit: 1 Stunde(n), 20 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
dazu eine frage: die beiden infizierten registry keys...soll ich die mit "entferne auswahl" löschen??

dann das log von superantispyware:

Zitat:
Scan type : Complete Scan
Total Scan Time : 23:15:45

Memory items scanned : 756
Memory threats detected : 0
Registry items scanned : 10049
Registry threats detected : 2
File items scanned : 156366
File threats detected : 32

Adware.Tracking Cookie
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@ad.ad-srv[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@rotator.adjuggler[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@smartadserver[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@www.etracker[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@himedia.individuad[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@statse.webtrendslive[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@tracking.hannoversche[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@apmebf[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@ad.adnet[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@atdmt[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@adserver.w3anythink[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@ad.zanox[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@ads.immobilienscout24[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@im.banner.t-online[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@adfarm1.adition[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@mediaplex[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@adsrv.admediate[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@xiti[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@newsclick[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@eyewonder[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@traffictrack[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@adtech[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@doubleclick[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@ad.yieldmanager[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@zanox[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@www.newsclick[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@ad.boreus[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@zanox-affiliate[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@tradedoubler[2].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@de.sitestat[1].txt
C:\Users\Raik\AppData\Roaming\Microsoft\Windows\Cookies\raik@webmasterplan[2].txt
ia.media-imdb.com [ C:\Users\Raik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YQTGV8C2 ]

Malware.Trace
HKU\S-1-5-21-3405011576-2756577293-1254122269-1000\Software\QNB2EB90WX

Adware.AdRotator
HKU\S-1-5-21-3405011576-2756577293-1254122269-1000\Software\RZDVL2F27W
soll ich superantispyware deinstallieren?
habe iwas davon gelesen

lg raik

PS: nicht durch die scannzeit irritieren lassen, hatte meinen pc zwischendurch im ruhezustand..

pauki 06.07.2010 21:01
ebenso die infizierten dateien bei superantispyware löschen?

lg raik

cosinus 06.07.2010 21:09
Zitat:
Datenbank Version: 4279
hast Du Malwarebytes vorher nicht aktualisiert? Ich hab extra drauf hingewiesen...
Sei es drum, da waren nur noch harmlose Überreste. Kannste alles löschen, auch das was SASW gefunden hat. :heilig:

Breedfight 06.07.2010 21:16
Zitat:
Zitat von pauki (Beitrag 539397)
ebenso die infizierten dateien bei superantispyware löschen?

lg raik

ist superantispyware nicht voll oft mit virus keygens gekoppelt?

pauki 06.07.2010 21:26
hey arne!!

ich danke dir recht herzlich für deine hilfe
malwarebytes hatte ich auf jeden fall updates geladen...keine ahnung, warum es dennoch nicht die neueste version ist..
räts du mir, programme, wie combo fix, superantispyware, malwarebytes und otl auf dem pc zu lassen?

lg raik

cosinus 06.07.2010 21:34
Zitat:
ist SUPERAntiSpyware nicht voll oft mit virus keygens gekoppelt?
SASW ist ein seriöses Tool, das ist kein Schädling drin.

Zitat:
räts du mir, programme, wie combo fix, superantispyware, malwarebytes und otl auf dem pc zu lassen?
Combofix nur wenn Du den Hinweis bekommst! Niemals auf eigene Faust ausführen!
Malwarebytes kannst und solltest Du ruhig behalten, SASW ist nicht unbedingt nötig.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:32 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131