Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   AV Security Suite - Bitte um Auswertung des RSIT Logfiles (https://www.trojaner-board.de/88039-av-security-suite-bitte-um-auswertung-rsit-logfiles.html)

kuecho 12.07.2010 08:15
AV Security Suite - Bitte um Auswertung des RSIT Logfiles
 
Hallo Liebe Leute,

Jetzt bin auch ich Opfer dieser AV Security Suite geworden.
Zum Glück habe ich in eurem Board die Anleitung zur Entfernung selbiger gefunden und möchte nun der Aufforderung von "Da GuRu" nachkommen und euch mit meinem Logfile von RSIT beglücken :).
Ich habe eben zum zweitem Mal in den abgesicherten Modus gebootet, mit "rkill" die Prozesse gestoppt und lasse gerade das Anti-Malware Programm laufen.
Zum zweiten Mal weil, wie befürchtet, der erste Durchgang die AV Security Suite nicht ganz entfernt hat. Ich hoffe ihr findet was - ich habe sowas von keine Lust bei dem Wetter meine Kiste neu aufzusetzen!

In der Hoffnung mich an alle Forenregeln gehalten zu haben danke ich schonmal im Voraus!

Hier nun mein Logfile (erstellt direkt nach dem Beenden von Anti-Malware, ohne Neustart) mit der Bitte um Auswertung:



RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by kuecho at 2010-07-12 09:06:38
Microsoft Windows 7 Home Premium 
System drive C: has 40 GB (40%) free of 100 GB
Total RAM: 3583 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:06:47, on 12.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Andreas\Software\AV Security Suite entfernen\RSIT.exe
C:\Program Files\trend micro\kuecho.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 5228 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-07 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024]
"NPSStartup"= []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-05-19 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2008-12-12 132392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\Windows\system32\CTXFIHLP.EXE [2009-06-04 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^kuecho^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-12 08:36:48 ----RASH---- C:\MSDOS.SYS
2010-07-12 08:36:48 ----RASH---- C:\IO.SYS
2010-07-12 08:36:47 ----HD---- C:\Windows\PIF
2010-07-12 07:57:04 ----D---- C:\rsit
2010-07-12 07:57:04 ----D---- C:\Program Files\trend micro
2010-07-11 20:32:44 ----D---- C:\Users\kuecho\AppData\Roaming\Malwarebytes
2010-07-11 20:32:16 ----D---- C:\ProgramData\Malwarebytes
2010-07-11 20:32:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-11 20:32:16 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-11 20:32:16 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-03 06:46:34 ----SHD---- C:\Config.Msi
2010-06-24 09:55:08 ----D---- C:\Program Files\FileZilla FTP Client
2010-06-23 22:37:32 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 22:37:32 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 22:37:32 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 22:37:32 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 22:37:32 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 06:24:43 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 06:24:43 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-23 06:24:42 ----A---- C:\Windows\system32\msdri.dll
2010-06-16 07:19:10 ----D---- C:\Geldtipps HomeBanking
2010-06-16 07:16:17 ----D---- C:\Users\kuecho\AppData\Roaming\Akademische Arbeitsgemeinschaft
2010-06-16 07:12:08 ----D---- C:\Program Files\Akademische Arbeitsgemeinschaft
2010-06-16 06:59:31 ----D---- C:\ProgramData\Akademische Arbeitsgemeinschaft
2010-06-16 06:59:31 ----D---- C:\ProgramData\AAV
2010-06-15 12:42:38 ----D---- C:\Program Files\QS

======List of files/folders modified in the last 1 months======

2010-07-12 09:06:40 ----D---- C:\Windows\Temp
2010-07-12 08:42:00 ----D---- C:\Windows
2010-07-12 08:41:22 ----D---- C:\Program Files\CCleaner
2010-07-12 08:37:42 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-12 08:33:08 ----D---- C:\Windows\Prefetch
2010-07-12 08:01:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-12 07:57:04 ----RD---- C:\Program Files
2010-07-12 07:14:57 ----D---- C:\Windows\system32\config
2010-07-12 07:07:49 ----D---- C:\Windows\System32
2010-07-12 07:07:49 ----D---- C:\Windows\inf
2010-07-12 07:07:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-12 07:01:29 ----D---- C:\Windows\system32\drivers
2010-07-12 07:01:29 ----D---- C:\Windows\Cursors
2010-07-11 20:32:16 ----HD---- C:\ProgramData
2010-07-09 11:36:55 ----D---- C:\Users\kuecho\AppData\Roaming\vlc
2010-07-09 07:08:35 ----SHD---- C:\System Volume Information
2010-07-06 10:13:17 ----D---- C:\ProgramData\Blizzard Entertainment
2010-07-04 22:16:26 ----D---- C:\Windows\system32\catroot2
2010-07-03 06:46:43 ----SHD---- C:\Windows\Installer
2010-07-01 08:12:14 ----D---- C:\Users\kuecho\AppData\Roaming\Winamp
2010-06-30 07:13:47 ----D---- C:\Program Files\Winamp
2010-06-30 07:13:43 ----D---- C:\Program Files\Winamp Detect
2010-06-30 06:25:30 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 06:32:10 ----RSD---- C:\Windows\assembly
2010-06-26 06:32:10 ----D---- C:\Windows\Microsoft.NET
2010-06-26 05:53:42 ----D---- C:\Windows\system32\de-DE
2010-06-26 05:52:15 ----D---- C:\Windows\system32\en-US
2010-06-26 05:52:14 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 14:21:09 ----D---- C:\Users\kuecho\AppData\Roaming\FileZilla
2010-06-24 06:39:51 ----D---- C:\Windows\winsxs
2010-06-23 22:37:33 ----D---- C:\Windows\system32\catroot
2010-06-23 22:37:30 ----D---- C:\Windows\ehome
2010-06-23 22:37:26 ----D---- C:\Windows\AppPatch
2010-06-15 20:45:48 ----D---- C:\Program Files\MyDefrag v4.2.9
2010-06-13 20:24:28 ----D---- C:\Windows\system32\FxsTmp
2010-06-13 09:21:44 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-26 40560]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-06-25 110112]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-05-06 43528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2010-01-26 385544]
S1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2010-01-26 34392]
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 5313536]
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2009-06-04 511000]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2009-06-04 526232]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2009-06-04 347080]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2009-06-04 14360]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2009-06-04 158744]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2009-06-04 95768]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2009-06-04 1177624]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-07 101504]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2005-01-19 22016]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2009-06-04 130072]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AAV UpdateService;AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
S2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
S2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-02 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-06 79360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-06 651720]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

-----------------EOF-----------------
--- --- ---


DANKE und Gruß
kuecho

cosinus 12.07.2010 18:19
Poste bitte alle Logfiles von Malwarebytes.

kuecho 12.07.2010 19:16
Hallo Arne,

hier das Logfile von Aniti-Malware von heute morgen:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4303

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

12.07.2010 09:05:49
mbam-log-2010-07-12 (09-05-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 341544
Laufzeit: 26 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fbeoxoym (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\kuecho\AppData\Local\poeviddsl\ptuycpstssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\kuecho\AppData\Local\Temp\jhMb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Sieht so aus als hätte er beim zweiten Durchgang alles sauber bekommen. Oder?!
Zumindest läuft der PC seit 2 Stunden problemlos.

Gruß
kuecho

cosinus 12.07.2010 19:35
Wo ist das Log vom 1. Durchgang?

kuecho 13.07.2010 06:28
hier:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4303

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11.07.2010 21:05:51
mbam-log-2010-07-11 (21-05-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 341579
Laufzeit: 25 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\kuecho\AppData\Local\Temp\ELNB.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\kuecho\AppData\Local\Temp\qLAu.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\kuecho\AppData\Local\workdjrff\xdrkuwstsloijuggb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

cosinus 13.07.2010 11:01
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

kuecho 13.07.2010 11:45
Hier das erste Logfile (OTL.txt):

OTL Logfile:
Code:
OTL logfile created on: 13.07.2010 12:30:22 - Run 1
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Users\kuecho\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 53,48 Gb Free Space | 54,76% Space Free | Partition Type: NTFS
Drive D: | 498,51 Gb Total Space | 251,60 Gb Free Space | 50,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: #####
Current User Name: kuecho
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\kuecho\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\kuecho\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://news.google.de/nwshp?client=firefox-a&rls=org.mozilla:de:official&hl=de&tab=wn"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 07:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.30 06:25:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.19 07:55:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.06 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\kuecho\AppData\Roaming\mozilla\Extensions
[2010.03.06 10:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kuecho\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.13 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\kuecho\AppData\Roaming\mozilla\Firefox\Profiles\oxva2ztn.default\extensions
[2010.07.07 09:16:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\kuecho\AppData\Roaming\mozilla\Firefox\Profiles\oxva2ztn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.07.13 10:48:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\kuecho\AppData\Roaming\mozilla\Firefox\Profiles\oxva2ztn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.26 15:37:27 | 000,000,000 | ---D | M] -- C:\Users\kuecho\AppData\Roaming\mozilla\Firefox\Profiles\oxva2ztn.default\extensions\fb_add_on@avm.de
[2010.07.03 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\kuecho\AppData\Roaming\mozilla\Firefox\Profiles\oxva2ztn.default\extensions\foxmarks@kei.com
[2010.04.21 06:42:30 | 000,000,000 | ---D | M] -- C:\Users\kuecho\AppData\Roaming\mozilla\Firefox\Profiles\oxva2ztn.default\extensions\LDSI_plashcor@gmail.com
[2010.03.07 21:06:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{082994c2-559f-11df-932e-001fd06c7011}\Shell - "" = AutoRun
O33 - MountPoints2\{082994c2-559f-11df-932e-001fd06c7011}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{082994e3-559f-11df-932e-001fd06c7011}\Shell - "" = AutoRun
O33 - MountPoints2\{082994e3-559f-11df-932e-001fd06c7011}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{082994f8-559f-11df-932e-001fd06c7011}\Shell - "" = AutoRun
O33 - MountPoints2\{082994f8-559f-11df-932e-001fd06c7011}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.13 12:25:41 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\kuecho\Desktop\OTL.exe
[2010.07.12 16:34:55 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.07.12 16:34:55 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.07.12 16:34:55 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.07.12 16:34:42 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.07.12 16:34:42 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.07.12 16:34:41 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.07.12 16:34:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.07.12 16:34:40 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.07.12 16:34:37 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.07.12 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\kuecho\AppData\Roaming\PC Tools
[2010.07.12 16:34:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.07.12 16:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.07.12 16:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.07.12 09:40:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.07.12 08:36:47 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.07.12 08:20:34 | 000,000,000 | ---D | C] -- C:\Users\kuecho\AppData\Local\poeviddsl
[2010.07.12 07:57:04 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.07.12 07:57:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.11 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\kuecho\AppData\Roaming\Malwarebytes
[2010.07.11 20:32:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.11 20:32:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.11 20:32:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.11 20:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.24 09:55:08 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.06.23 22:37:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.23 22:37:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.23 22:37:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 06:24:43 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.06.23 06:24:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.06.23 06:24:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.23 06:24:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.16 07:19:10 | 000,000,000 | ---D | C] -- C:\Geldtipps HomeBanking
[2010.06.16 07:16:17 | 000,000,000 | ---D | C] -- C:\Users\kuecho\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2010.06.16 07:12:08 | 000,000,000 | ---D | C] -- C:\Programme\Akademische Arbeitsgemeinschaft
[2010.06.16 06:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Akademische Arbeitsgemeinschaft
[2010.06.16 06:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV
[2010.06.15 12:42:38 | 000,000,000 | ---D | C] -- C:\Programme\QS
[2010.06.15 12:42:32 | 000,000,000 | ---D | C] -- C:\Users\kuecho\temp
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.13 12:32:13 | 006,553,600 | -HS- | M] () -- C:\Users\kuecho\NTUSER.DAT
[2010.07.13 12:25:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\kuecho\Desktop\OTL.exe
[2010.07.13 12:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.13 09:37:27 | 000,055,808 | ---- | M] () -- C:\Users\kuecho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.13 07:28:45 | 000,014,608 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 07:28:45 | 000,014,608 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 07:21:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.13 07:21:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.13 07:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.13 07:20:59 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.12 20:18:06 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000009-00001102-00000005-00211102}.rfx
[2010.07.12 20:18:06 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-00000009-00001102-00000005-00211102}.rfx
[2010.07.12 20:18:06 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-00000009-00001102-00000005-00211102}.rfx
[2010.07.12 20:17:50 | 001,740,474 | -H-- | M] () -- C:\Users\kuecho\AppData\Local\IconCache.db
[2010.07.12 08:36:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.07.12 08:36:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.07.12 07:07:49 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.12 07:07:49 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.12 07:07:49 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.12 07:07:49 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.12 07:07:49 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.18 15:52:49 | 000,001,077 | ---- | M] () -- C:\Users\kuecho\Desktop\Downloads.lnk
[2010.06.16 06:45:07 | 000,001,506 | ---- | M] () -- C:\Users\kuecho\Desktop\itsk.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.12 16:34:55 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.07.12 16:34:55 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.07.12 16:34:55 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.07.12 16:34:55 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.07.12 16:34:55 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.07.12 16:34:42 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.07.12 16:34:41 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.07.12 16:34:41 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.07.12 16:34:40 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.07.12 08:36:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.07.12 08:36:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.06.16 06:42:42 | 000,001,506 | ---- | C] () -- C:\Users\kuecho\Desktop\itsk.lnk
[2010.05.19 14:21:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.19 14:21:20 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.17 19:56:22 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2010.03.09 10:52:23 | 000,000,514 | ---- | C] () -- C:\Windows\wiso.ini
[2010.03.06 16:36:50 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.03.06 16:36:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.03.06 16:36:20 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2010.03.06 14:08:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
--- --- ---



Und das Zweite (Extras.txt):

OTL Logfile:
Code:
OTL Extras logfile created on: 13.07.2010 12:30:22 - Run 1
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Users\kuecho\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 53,48 Gb Free Space | 54,76% Space Free | Partition Type: NTFS
Drive D: | 498,51 Gb Total Space | 251,60 Gb Free Space | 50,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MASTER
Current User Name: kuecho
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047A167B-0C6B-41F3-B5E6-E968F92468C1}" = ACDSee Image Decoder Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2010 Kompakt
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7b7e564b-0c70-4506-9ab6-b7a2044425ab}" = Gigaset QuickSync
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95421851-D1B1-40D8-A7D2-2CFF2094137F}" = Geldtipps Homebanking 2010 1und1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E9BEF2F6-DBB3-489C-8F80-0CBCA11E1031}" = Nero 8
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AVI Joiner_is1" = AVI Joiner version 1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Carom3D" = Carom3D
"CCleaner" = CCleaner
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Defraggler" = Defraggler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Scanner" = EPSON Scan
"Exsate DV Capture Live_is1" = Exsate DV Capture Live
"FileZilla Client" = FileZilla Client 3.3.3
"FreePDF_XP" = FreePDF (Remove only)
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MobMap_is1" = MobMap 3.53
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"MyDefrag v4.2.9_is1" = MyDefrag v4.2.9
"myphotobook" = myphotobook 3.65
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Smart Recorder" = Creative Smart Recorder
"Spyware Doctor" = Spyware Doctor 7.0
"Streamripper" = Streamripper (Remove only)
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2010 10:34:25 | Computer Name = Master | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.07.2010 10:34:30 | Computer Name = Master | Source = PerfNet | ID = 2004
Description =
 
Error - 12.07.2010 10:35:04 | Computer Name = Master | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.07.2010 10:36:32 | Computer Name = Master | Source = PerfNet | ID = 2004
Description =
 
Error - 12.07.2010 10:37:15 | Computer Name = Master | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.07.2010 10:42:32 | Computer Name = Master | Source = PerfNet | ID = 2004
Description =
 
Error - 12.07.2010 11:06:00 | Computer Name = Master | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7600.16385,
 Zeitstempel: 0x4a5bc3e6  Name des fehlerhaften Moduls: MSIB2BF.tmp, Version: 14.0.0.168,
 Zeitstempel: 0x471383db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0009371f  ID des fehlerhaften
 Prozesses: 0xdac  Startzeit der fehlerhaften Anwendung: 0x01cb21d3b68487d0  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\Installer\MSIB2BF.tmp  Berichtskennung: fb004c50-8dc6-11df-a5e5-001fd06c7011
 
Error - 12.07.2010 11:50:10 | Computer Name = Master | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "Vodafone Mobile Connect Service" konnte
 nicht neu gestartet werden.
 
Error - 13.07.2010 02:19:21 | Computer Name = Master | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 13.07.2010 02:20:10 | Computer Name = Master | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 06.05.2010 07:43:31 | Computer Name = Master | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?05.?2010 um 13:42:06 unerwartet heruntergefahren.
 
Error - 06.05.2010 15:34:59 | Computer Name = Master | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 12.05.2010 14:01:04 | Computer Name = Master | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 18.05.2010 00:48:20 | Computer Name = Master | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.05.2010 08:21:20 | Computer Name = Master | Source = Service Control Manager | ID = 7030
Description = Der Dienst "FsUsbExService" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.05.2010 08:23:42 | Computer Name = Master | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ServiceLayer" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 23.05.2010 02:45:49 | Computer Name = Master | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.06.2010 12:09:15 | Computer Name = Master | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?06.?2010 um 18:07:19 unerwartet heruntergefahren.
 
Error - 15.06.2010 12:50:41 | Computer Name = Master | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.06.2010 00:08:41 | Computer Name = Master | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2010 um 18:07:16 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---



Gruß
kuecho

cosinus 13.07.2010 12:10
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O33 - MountPoints2\{082994c2-559f-11df-932e-001fd06c7011}\Shell - "" = AutoRun
O33 - MountPoints2\{082994c2-559f-11df-932e-001fd06c7011}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{082994e3-559f-11df-932e-001fd06c7011}\Shell - "" = AutoRun
O33 - MountPoints2\{082994e3-559f-11df-932e-001fd06c7011}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{082994f8-559f-11df-932e-001fd06c7011}\Shell - "" = AutoRun
O33 - MountPoints2\{082994f8-559f-11df-932e-001fd06c7011}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
[2010.07.12 16:34:55 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.07.12 16:34:55 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.07.12 16:34:55 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.07.12 16:34:55 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.07.12 16:34:55 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

kuecho 13.07.2010 14:13
Wow! Das geht ja echt schnell bei euch! :)
Hier das Log:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{082994c2-559f-11df-932e-001fd06c7011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082994c2-559f-11df-932e-001fd06c7011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{082994c2-559f-11df-932e-001fd06c7011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082994c2-559f-11df-932e-001fd06c7011}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{082994e3-559f-11df-932e-001fd06c7011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082994e3-559f-11df-932e-001fd06c7011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{082994e3-559f-11df-932e-001fd06c7011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082994e3-559f-11df-932e-001fd06c7011}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{082994f8-559f-11df-932e-001fd06c7011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082994f8-559f-11df-932e-001fd06c7011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{082994f8-559f-11df-932e-001fd06c7011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082994f8-559f-11df-932e-001fd06c7011}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup.exe not found.
C:\Windows\UDB.zip moved successfully.
C:\Windows\BDTSupport.dll moved successfully.
C:\Windows\RegSDImport.xml moved successfully.
C:\Windows\RegISSImport.xml moved successfully.
C:\Windows\IDB.zip moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: kuecho
->Temp folder emptied: 885777 bytes
->Java cache emptied: 21971454 bytes
->FireFox cache emptied: 61987212 bytes
->Flash cache emptied: 3339 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3284 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_150659

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 13.07.2010 15:30
Ok, dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in smss.exe.
[IMG]http://saved.im/mtc0ntmzz2m4/smss.jpg[/IMG]
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte smss.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

kuecho 13.07.2010 19:15
So, habe ComboFix durchlaufen lassen.
Allerdings habe verpennt es vorher umzubenennen.
Und Ccleaner habe ich nach dem Scan mit ComboFix durchlaufen lassen.
Muss am Wetter liegen, Asche auf mein Haupt! :headbang:
Ich hoffe das ändert nichts wesentliches am Ergebnis.

Hier die Logdatei von ComboFix:

Combofix Logfile:
Code:
ComboFix 10-07-12.06 - kuecho 13.07.2010  19:58:19.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3583.2686 [GMT 2:00]
ausgeführt von:: c:\users\kuecho\Downloads\ComboFix.exe
.

(((((((((((((((((((((((  Dateien erstellt von 2010-06-13 bis 2010-07-13  ))))))))))))))))))))))))))))))
.

2010-07-13 18:02 . 2010-07-13 18:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-13 13:06 . 2010-07-13 13:06        --------        d-----w-        C:\_OTL
2010-07-12 07:40 . 2010-07-12 07:40        --------        d-----w-        c:\windows\Sun
2010-07-12 06:36 . 2010-07-12 06:36        --------        d--h--w-        c:\windows\PIF
2010-07-12 06:20 . 2010-07-12 07:05        --------        d-----w-        c:\users\kuecho\AppData\Local\poeviddsl
2010-07-12 05:57 . 2010-07-12 07:06        --------        d-----w-        c:\program files\trend micro
2010-07-12 05:57 . 2010-07-12 05:57        --------        d-----w-        C:\rsit
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Malwarebytes
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-11 18:32 . 2010-04-29 10:19        38224        ------w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 18:32 . 2010-04-29 10:19        20952        ------w-        c:\windows\system32\drivers\mbam.sys
2010-07-03 04:46 . 2010-07-03 04:46        1201        ----a-w-        c:\programdata\Akademische Arbeitsgemeinschaft\Geldtipps HomeBanking\2\1und1\UpdateFiles\1und1_2.11.bat
2010-06-24 07:55 . 2010-06-24 07:55        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-06-23 20:37 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-23 20:37 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-23 20:37 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-23 20:37 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-23 20:37 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 04:24 . 2010-05-09 09:14        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-06-23 04:24 . 2010-03-24 06:37        1286456        ----a-w-        c:\windows\system32\ntdll.dll
2010-06-23 04:24 . 2010-05-09 09:14        417792        ----a-w-        c:\windows\system32\msdri.dll
2010-06-16 08:38 . 2010-06-16 08:38        1201        ----a-w-        c:\programdata\Akademische Arbeitsgemeinschaft\Geldtipps HomeBanking\2\1und1\UpdateFiles\1und1_2.10.bat
2010-06-16 05:19 . 2010-06-16 05:19        --------        d-----w-        C:\Geldtipps HomeBanking
2010-06-16 05:16 . 2010-06-16 09:15        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Akademische Arbeitsgemeinschaft
2010-06-16 05:13 . 2010-06-16 05:13        6650        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.11.bat
2010-06-16 05:13 . 2010-06-16 05:13        20776        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\ApplyMsp.exe
2010-06-16 05:13 . 2010-06-16 05:13        18728        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe
2010-06-16 05:12 . 2010-06-16 05:12        53248        ----a-r-        c:\users\kuecho\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
2010-06-16 05:12 . 2010-06-16 05:12        --------        d-----w-        c:\program files\Akademische Arbeitsgemeinschaft
2010-06-16 04:59 . 2010-06-16 05:13        --------        d-----w-        c:\programdata\AAV
2010-06-16 04:59 . 2010-06-16 04:59        --------        d-----w-        c:\programdata\Akademische Arbeitsgemeinschaft
2010-06-15 10:42 . 2010-06-15 10:42        --------        d-----w-        c:\program files\QS
2010-06-15 10:42 . 2010-06-15 10:42        --------        d-----w-        c:\users\kuecho\temp

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 17:56 . 2010-07-12 14:34        --------        d-----w-        c:\program files\Spyware Doctor
2010-07-12 15:10 . 2010-03-10 16:31        --------        d-----w-        c:\program files\Pinnacle
2010-07-12 15:08 . 2010-03-10 16:23        --------        d-----w-        c:\programdata\Pinnacle
2010-07-12 14:35 . 2010-07-12 14:34        --------        d-----w-        c:\program files\Common Files\PC Tools
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\users\kuecho\AppData\Roaming\PC Tools
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\programdata\PC Tools
2010-07-12 09:16 . 2010-03-06 07:16        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-12 08:36 . 2010-03-06 12:35        --------        d-----w-        c:\users\kuecho\AppData\Roaming\vlc
2010-07-12 06:41 . 2010-03-06 07:16        --------        d-----w-        c:\program files\CCleaner
2010-07-12 06:01 . 2010-05-05 11:50        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-07-12 05:07 . 2009-07-14 08:47        653928        ------w-        c:\windows\system32\perfh007.dat
2010-07-12 05:07 . 2009-07-14 08:47        129800        ------w-        c:\windows\system32\perfc007.dat
2010-07-06 08:13 . 2010-03-06 12:39        --------        d-----w-        c:\programdata\Blizzard Entertainment
2010-07-01 06:12 . 2010-03-06 18:53        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Winamp
2010-06-30 05:13 . 2010-03-06 18:53        --------        d-----w-        c:\program files\Winamp
2010-06-30 05:13 . 2010-03-06 18:53        --------        d-----w-        c:\program files\Winamp Detect
2010-06-26 03:52 . 2010-03-06 07:29        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-24 12:21 . 2010-05-05 17:40        --------        d-----w-        c:\users\kuecho\AppData\Roaming\FileZilla
2010-06-15 18:45 . 2010-05-12 17:51        --------        d-----w-        c:\program files\MyDefrag v4.2.9
2010-06-12 05:16 . 2010-03-06 07:28        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-06 04:18 . 2010-03-09 13:35        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 12:41        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 12:41        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-03-06 07:26        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-11 12:41        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-19 14:15 . 2010-05-19 14:15        --------        d-----w-        c:\users\kuecho\AppData\Roaming\PC Suite
2010-05-19 14:15 . 2010-05-19 14:15        --------        d-----w-        c:\programdata\PC Suite
2010-05-19 13:32 . 2010-03-06 14:36        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 13:32 . 2010-05-19 13:32        --------        d-----w-        c:\program files\MarkAnyContentSAFER
2010-05-19 13:32 . 2007-10-25 15:26        5632        ------w-        c:\windows\system32\drivers\StarOpen.sys
2010-05-19 13:31 . 2010-05-19 12:24        89280248        ----a-w-        c:\users\kuecho\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-05-19 12:23 . 2010-05-19 12:20        --------        d-----w-        c:\program files\Samsung
2010-05-19 12:23 . 2010-05-19 12:23        --------        d-----w-        c:\program files\DIFX
2010-05-19 12:23 . 2010-05-19 12:21        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-05-19 12:21 . 2010-05-19 12:21        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Samsung
2010-05-19 12:21 . 2010-05-19 12:21        --------        d-----w-        c:\program files\MarkAny
2010-05-19 12:14 . 2010-03-06 07:18        --------        d-----w-        c:\program files\Common Files\Adobe
2010-05-18 09:57 . 2010-04-28 05:48        --------        d-----w-        c:\users\kuecho\AppData\Roaming\TeamViewer
2010-05-18 09:04 . 2010-04-28 05:47        --------        d-----w-        c:\program files\TeamViewer
2010-05-06 15:33 . 2010-03-06 12:17        101504        ----a-w-        c:\users\kuecho\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 13:01 . 2010-05-06 13:01        129784        ------w-        c:\windows\system32\pxafs.dll
2010-05-06 13:01 . 2010-05-06 13:01        43528        ------w-        c:\windows\system32\drivers\PxHelp20.sys
2010-05-06 13:01 . 2010-05-06 13:01        118520        ------w-        c:\windows\system32\pxinsi64.exe
2010-05-06 13:01 . 2010-05-06 13:01        116472        ------w-        c:\windows\system32\pxcpyi64.exe
2010-05-02 12:43 . 2010-05-02 12:37        30210700        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative Sound Blaster X-Fi Smart Recorder (Windows Vista) 2.40.20__\SMARTREC_PCAPP_LB_2_40_20.exe
2010-05-02 12:37 . 2010-05-02 12:35        12907880        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.12.00__\WAVESTD_PCAPP_LB_7_12_00.exe
2010-05-02 12:35 . 2010-05-02 12:27        37634288        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe
2010-05-02 12:27 . 2010-05-02 12:24        18323888        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.41.02__\ALMY_PCVTAPP_LB_1_41_02.exe
2010-05-02 12:24 . 2010-05-02 12:23        8512328        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2010-05-02 12:23 . 2010-05-02 12:11        62234496        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2010-05-01 14:49 . 2010-06-11 12:41        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-26 05:49        2048        ----a-w-        c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-19 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^kuecho^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\kuecho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:30        132392        ----a-w-        c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 23:55        25600        ------w-        c:\windows\System32\Ctxfihlp.exe

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-26 40560]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 06:07]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 06:07]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\kuecho\AppData\Roaming\Mozilla\Firefox\Profiles\oxva2ztn.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.de/nwshp?client=firefox-a&rls=org.mozilla:de:official&hl=de&tab=wn
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\kuecho\AppData\Roaming\Mozilla\Firefox\Profiles\oxva2ztn.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.032"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.abr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ani"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.apd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.arw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bay"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.crw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cur"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dib"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.djv"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dng"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.emf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.eps"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.erf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.fff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.gif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icl"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icn"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ico"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-211803134-2689144973-1752860366-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.int"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.inta"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mos"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.nef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.orf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pct"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pic"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pict"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pix"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.png"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.psd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.psp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.raf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ras"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-211803134-2689144973-1752860366-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rle"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rwl"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.srf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tga"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.thm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-13  20:04:30
ComboFix-quarantined-files.txt  2010-07-13 18:04

Vor Suchlauf: 12 Verzeichnis(se), 57.148.055.552 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 57.063.931.904 Bytes frei

- - End Of File - - 07DF8B961A5E3A53A5566DC04CD763CA[/INDENT]
--- --- ---


Gruß
kuecho

cosinus 13.07.2010 19:39
Mach bitte den Durchgang mit CF dann nochmal. Es gibt wirklich Schädlinge die sich vor einer "combofix.exe" tarnen - deswegen diese auch löschen und neu herunterladen, aber dann auch beim herunterladen umbenennen und nicht erst nachträglich!

kuecho 13.07.2010 21:52
Danke für deine Geduld!
Hier das Logfile, jetzt wie es sein soll^^!


Combofix Logfile:
Code:
ComboFix 10-07-12.06 - kuecho 13.07.2010  22:41:38.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3583.2655 [GMT 2:00]
ausgeführt von:: c:\users\kuecho\Desktop\smss.exe.exe
.

(((((((((((((((((((((((  Dateien erstellt von 2010-06-13 bis 2010-07-13  ))))))))))))))))))))))))))))))
.

2010-07-13 20:45 . 2010-07-13 20:45        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-07-13 20:45 . 2010-07-13 20:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-13 13:06 . 2010-07-13 13:06        --------        d-----w-        C:\_OTL
2010-07-12 07:40 . 2010-07-12 07:40        --------        d-----w-        c:\windows\Sun
2010-07-12 06:36 . 2010-07-12 06:36        --------        d--h--w-        c:\windows\PIF
2010-07-12 06:20 . 2010-07-12 07:05        --------        d-----w-        c:\users\kuecho\AppData\Local\poeviddsl
2010-07-12 05:57 . 2010-07-12 07:06        --------        d-----w-        c:\program files\trend micro
2010-07-12 05:57 . 2010-07-12 05:57        --------        d-----w-        C:\rsit
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Malwarebytes
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-11 18:32 . 2010-04-29 10:19        38224        ------w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 18:32 . 2010-04-29 10:19        20952        ------w-        c:\windows\system32\drivers\mbam.sys
2010-07-03 04:46 . 2010-07-03 04:46        1201        ----a-w-        c:\programdata\Akademische Arbeitsgemeinschaft\Geldtipps HomeBanking\2\1und1\UpdateFiles\1und1_2.11.bat
2010-06-24 07:55 . 2010-06-24 07:55        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-06-23 20:37 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-23 20:37 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-23 20:37 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-23 20:37 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-23 20:37 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 04:24 . 2010-05-09 09:14        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-06-23 04:24 . 2010-03-24 06:37        1286456        ----a-w-        c:\windows\system32\ntdll.dll
2010-06-23 04:24 . 2010-05-09 09:14        417792        ----a-w-        c:\windows\system32\msdri.dll
2010-06-16 08:38 . 2010-06-16 08:38        1201        ----a-w-        c:\programdata\Akademische Arbeitsgemeinschaft\Geldtipps HomeBanking\2\1und1\UpdateFiles\1und1_2.10.bat
2010-06-16 05:19 . 2010-06-16 05:19        --------        d-----w-        C:\Geldtipps HomeBanking
2010-06-16 05:16 . 2010-06-16 09:15        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Akademische Arbeitsgemeinschaft
2010-06-16 05:13 . 2010-06-16 05:13        6650        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.11.bat
2010-06-16 05:13 . 2010-06-16 05:13        20776        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\ApplyMsp.exe
2010-06-16 05:13 . 2010-06-16 05:13        18728        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe
2010-06-16 05:12 . 2010-06-16 05:12        53248        ----a-r-        c:\users\kuecho\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
2010-06-16 05:12 . 2010-06-16 05:12        --------        d-----w-        c:\program files\Akademische Arbeitsgemeinschaft
2010-06-16 04:59 . 2010-06-16 05:13        --------        d-----w-        c:\programdata\AAV
2010-06-16 04:59 . 2010-06-16 04:59        --------        d-----w-        c:\programdata\Akademische Arbeitsgemeinschaft
2010-06-15 10:42 . 2010-06-15 10:42        --------        d-----w-        c:\program files\QS
2010-06-15 10:42 . 2010-06-15 10:42        --------        d-----w-        c:\users\kuecho\temp

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 17:56 . 2010-07-12 14:34        --------        d-----w-        c:\program files\Spyware Doctor
2010-07-12 15:10 . 2010-03-10 16:31        --------        d-----w-        c:\program files\Pinnacle
2010-07-12 15:08 . 2010-03-10 16:23        --------        d-----w-        c:\programdata\Pinnacle
2010-07-12 14:35 . 2010-07-12 14:34        --------        d-----w-        c:\program files\Common Files\PC Tools
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\users\kuecho\AppData\Roaming\PC Tools
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\programdata\PC Tools
2010-07-12 09:16 . 2010-03-06 07:16        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-12 08:36 . 2010-03-06 12:35        --------        d-----w-        c:\users\kuecho\AppData\Roaming\vlc
2010-07-12 06:41 . 2010-03-06 07:16        --------        d-----w-        c:\program files\CCleaner
2010-07-12 06:01 . 2010-05-05 11:50        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-07-12 05:07 . 2009-07-14 08:47        653928        ------w-        c:\windows\system32\perfh007.dat
2010-07-12 05:07 . 2009-07-14 08:47        129800        ------w-        c:\windows\system32\perfc007.dat
2010-07-06 08:13 . 2010-03-06 12:39        --------        d-----w-        c:\programdata\Blizzard Entertainment
2010-07-01 06:12 . 2010-03-06 18:53        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Winamp
2010-06-30 05:13 . 2010-03-06 18:53        --------        d-----w-        c:\program files\Winamp
2010-06-30 05:13 . 2010-03-06 18:53        --------        d-----w-        c:\program files\Winamp Detect
2010-06-26 03:52 . 2010-03-06 07:29        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-24 12:21 . 2010-05-05 17:40        --------        d-----w-        c:\users\kuecho\AppData\Roaming\FileZilla
2010-06-15 18:45 . 2010-05-12 17:51        --------        d-----w-        c:\program files\MyDefrag v4.2.9
2010-06-12 05:16 . 2010-03-06 07:28        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-06 04:18 . 2010-03-09 13:35        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 12:41        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 12:41        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-03-06 07:26        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-11 12:41        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-19 14:15 . 2010-05-19 14:15        --------        d-----w-        c:\users\kuecho\AppData\Roaming\PC Suite
2010-05-19 14:15 . 2010-05-19 14:15        --------        d-----w-        c:\programdata\PC Suite
2010-05-19 13:32 . 2010-03-06 14:36        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 13:32 . 2010-05-19 13:32        --------        d-----w-        c:\program files\MarkAnyContentSAFER
2010-05-19 13:32 . 2007-10-25 15:26        5632        ------w-        c:\windows\system32\drivers\StarOpen.sys
2010-05-19 13:31 . 2010-05-19 12:24        89280248        ----a-w-        c:\users\kuecho\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-05-19 12:23 . 2010-05-19 12:20        --------        d-----w-        c:\program files\Samsung
2010-05-19 12:23 . 2010-05-19 12:23        --------        d-----w-        c:\program files\DIFX
2010-05-19 12:23 . 2010-05-19 12:21        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-05-19 12:21 . 2010-05-19 12:21        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Samsung
2010-05-19 12:21 . 2010-05-19 12:21        --------        d-----w-        c:\program files\MarkAny
2010-05-19 12:14 . 2010-03-06 07:18        --------        d-----w-        c:\program files\Common Files\Adobe
2010-05-18 09:57 . 2010-04-28 05:48        --------        d-----w-        c:\users\kuecho\AppData\Roaming\TeamViewer
2010-05-18 09:04 . 2010-04-28 05:47        --------        d-----w-        c:\program files\TeamViewer
2010-05-06 15:33 . 2010-03-06 12:17        101504        ----a-w-        c:\users\kuecho\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 13:01 . 2010-05-06 13:01        129784        ------w-        c:\windows\system32\pxafs.dll
2010-05-06 13:01 . 2010-05-06 13:01        43528        ------w-        c:\windows\system32\drivers\PxHelp20.sys
2010-05-06 13:01 . 2010-05-06 13:01        118520        ------w-        c:\windows\system32\pxinsi64.exe
2010-05-06 13:01 . 2010-05-06 13:01        116472        ------w-        c:\windows\system32\pxcpyi64.exe
2010-05-02 12:43 . 2010-05-02 12:37        30210700        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative Sound Blaster X-Fi Smart Recorder (Windows Vista) 2.40.20__\SMARTREC_PCAPP_LB_2_40_20.exe
2010-05-02 12:37 . 2010-05-02 12:35        12907880        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.12.00__\WAVESTD_PCAPP_LB_7_12_00.exe
2010-05-02 12:35 . 2010-05-02 12:27        37634288        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe
2010-05-02 12:27 . 2010-05-02 12:24        18323888        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.41.02__\ALMY_PCVTAPP_LB_1_41_02.exe
2010-05-02 12:24 . 2010-05-02 12:23        8512328        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2010-05-02 12:23 . 2010-05-02 12:11        62234496        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2010-05-01 14:49 . 2010-06-11 12:41        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-26 05:49        2048        ----a-w-        c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-19 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^kuecho^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\kuecho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:30        132392        ----a-w-        c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 23:55        25600        ------w-        c:\windows\System32\Ctxfihlp.exe

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-26 40560]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 06:07]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 06:07]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\kuecho\AppData\Roaming\Mozilla\Firefox\Profiles\oxva2ztn.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.de/nwshp?client=firefox-a&rls=org.mozilla:de:official&hl=de&tab=wn
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\kuecho\AppData\Roaming\Mozilla\Firefox\Profiles\oxva2ztn.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.032"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.abr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ani"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.apd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.arw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bay"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.crw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cur"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dib"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.djv"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dng"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.emf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.eps"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.erf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.fff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.gif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icl"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icn"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ico"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-211803134-2689144973-1752860366-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.int"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.inta"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mos"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.nef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.orf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pct"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pic"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pict"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pix"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.png"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.psd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.psp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.raf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ras"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-211803134-2689144973-1752860366-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rle"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rwl"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.srf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tga"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.thm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-13  22:47:25
ComboFix-quarantined-files.txt  2010-07-13 20:47
ComboFix2.txt  2010-07-13 18:04

Vor Suchlauf: 16 Verzeichnis(se), 57.108.393.984 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 57.056.931.840 Bytes frei

- - End Of File - - E2698DC43A2A070B2E9CA9CCD5FADE2A[/INDENT]
--- --- ---

cosinus 13.07.2010 22:24
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Folder::
c:\users\kuecho\AppData\Local\poeviddsl
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

kuecho 14.07.2010 08:33
et voilà:

Combofix Logfile:
Code:
ComboFix 10-07-13.06 - kuecho 14.07.2010  9:22.3.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3583.2699 [GMT 2:00]
ausgeführt von:: c:\users\kuecho\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\kuecho\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\WindowsImageBackup
c:\users\kuecho\AppData\Local\poeviddsl

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-14 bis 2010-07-14  ))))))))))))))))))))))))))))))
.

2010-07-14 07:27 . 2010-07-14 07:27        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-07-14 07:27 . 2010-07-14 07:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-13 20:41 . 2010-07-13 20:47        --------        d-----w-        C:\smss.exe
2010-07-13 13:06 . 2010-07-13 13:06        --------        d-----w-        C:\_OTL
2010-07-12 07:40 . 2010-07-12 07:40        --------        d-----w-        c:\windows\Sun
2010-07-12 06:36 . 2010-07-12 06:36        --------        d--h--w-        c:\windows\PIF
2010-07-12 05:57 . 2010-07-12 07:06        --------        d-----w-        c:\program files\trend micro
2010-07-12 05:57 . 2010-07-12 05:57        --------        d-----w-        C:\rsit
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Malwarebytes
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-11 18:32 . 2010-07-11 18:32        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-11 18:32 . 2010-04-29 10:19        38224        ------w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 18:32 . 2010-04-29 10:19        20952        ------w-        c:\windows\system32\drivers\mbam.sys
2010-07-03 04:46 . 2010-07-03 04:46        1201        ----a-w-        c:\programdata\Akademische Arbeitsgemeinschaft\Geldtipps HomeBanking\2\1und1\UpdateFiles\1und1_2.11.bat
2010-06-24 07:55 . 2010-06-24 07:55        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-06-23 20:37 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-23 20:37 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-23 20:37 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-23 20:37 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-23 20:37 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 04:24 . 2010-05-09 09:14        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-06-23 04:24 . 2010-03-24 06:37        1286456        ----a-w-        c:\windows\system32\ntdll.dll
2010-06-23 04:24 . 2010-05-09 09:14        417792        ----a-w-        c:\windows\system32\msdri.dll
2010-06-16 08:38 . 2010-06-16 08:38        1201        ----a-w-        c:\programdata\Akademische Arbeitsgemeinschaft\Geldtipps HomeBanking\2\1und1\UpdateFiles\1und1_2.10.bat
2010-06-16 05:19 . 2010-06-16 05:19        --------        d-----w-        C:\Geldtipps HomeBanking
2010-06-16 05:16 . 2010-06-16 09:15        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Akademische Arbeitsgemeinschaft
2010-06-16 05:13 . 2010-06-16 05:13        6650        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.11.bat
2010-06-16 05:13 . 2010-06-16 05:13        20776        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\ApplyMsp.exe
2010-06-16 05:13 . 2010-06-16 05:13        18728        ----a-w-        c:\programdata\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe
2010-06-16 05:12 . 2010-06-16 05:12        53248        ----a-r-        c:\users\kuecho\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
2010-06-16 05:12 . 2010-06-16 05:12        --------        d-----w-        c:\program files\Akademische Arbeitsgemeinschaft
2010-06-16 04:59 . 2010-06-16 05:13        --------        d-----w-        c:\programdata\AAV
2010-06-16 04:59 . 2010-06-16 04:59        --------        d-----w-        c:\programdata\Akademische Arbeitsgemeinschaft
2010-06-15 10:42 . 2010-06-15 10:42        --------        d-----w-        c:\program files\QS
2010-06-15 10:42 . 2010-06-15 10:42        --------        d-----w-        c:\users\kuecho\temp

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 17:56 . 2010-07-12 14:34        --------        d-----w-        c:\program files\Spyware Doctor
2010-07-12 15:10 . 2010-03-10 16:31        --------        d-----w-        c:\program files\Pinnacle
2010-07-12 15:08 . 2010-03-10 16:23        --------        d-----w-        c:\programdata\Pinnacle
2010-07-12 14:35 . 2010-07-12 14:34        --------        d-----w-        c:\program files\Common Files\PC Tools
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\users\kuecho\AppData\Roaming\PC Tools
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\programdata\PC Tools
2010-07-12 09:16 . 2010-03-06 07:16        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-12 08:36 . 2010-03-06 12:35        --------        d-----w-        c:\users\kuecho\AppData\Roaming\vlc
2010-07-12 06:41 . 2010-03-06 07:16        --------        d-----w-        c:\program files\CCleaner
2010-07-12 06:01 . 2010-05-05 11:50        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-07-12 05:07 . 2009-07-14 08:47        653928        ------w-        c:\windows\system32\perfh007.dat
2010-07-12 05:07 . 2009-07-14 08:47        129800        ------w-        c:\windows\system32\perfc007.dat
2010-07-06 08:13 . 2010-03-06 12:39        --------        d-----w-        c:\programdata\Blizzard Entertainment
2010-07-01 06:12 . 2010-03-06 18:53        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Winamp
2010-06-30 05:13 . 2010-03-06 18:53        --------        d-----w-        c:\program files\Winamp
2010-06-30 05:13 . 2010-03-06 18:53        --------        d-----w-        c:\program files\Winamp Detect
2010-06-26 03:52 . 2010-03-06 07:29        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-24 12:21 . 2010-05-05 17:40        --------        d-----w-        c:\users\kuecho\AppData\Roaming\FileZilla
2010-06-15 18:45 . 2010-05-12 17:51        --------        d-----w-        c:\program files\MyDefrag v4.2.9
2010-06-12 05:16 . 2010-03-06 07:28        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-06 04:18 . 2010-03-09 13:35        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 12:41        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 12:41        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-03-06 07:26        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-11 12:41        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-19 14:15 . 2010-05-19 14:15        --------        d-----w-        c:\users\kuecho\AppData\Roaming\PC Suite
2010-05-19 14:15 . 2010-05-19 14:15        --------        d-----w-        c:\programdata\PC Suite
2010-05-19 13:32 . 2010-03-06 14:36        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-19 13:32 . 2010-05-19 13:32        --------        d-----w-        c:\program files\MarkAnyContentSAFER
2010-05-19 13:32 . 2007-10-25 15:26        5632        ------w-        c:\windows\system32\drivers\StarOpen.sys
2010-05-19 13:31 . 2010-05-19 12:24        89280248        ----a-w-        c:\users\kuecho\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-05-19 12:23 . 2010-05-19 12:20        --------        d-----w-        c:\program files\Samsung
2010-05-19 12:23 . 2010-05-19 12:23        --------        d-----w-        c:\program files\DIFX
2010-05-19 12:23 . 2010-05-19 12:21        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-05-19 12:21 . 2010-05-19 12:21        --------        d-----w-        c:\users\kuecho\AppData\Roaming\Samsung
2010-05-19 12:21 . 2010-05-19 12:21        --------        d-----w-        c:\program files\MarkAny
2010-05-19 12:14 . 2010-03-06 07:18        --------        d-----w-        c:\program files\Common Files\Adobe
2010-05-18 09:57 . 2010-04-28 05:48        --------        d-----w-        c:\users\kuecho\AppData\Roaming\TeamViewer
2010-05-18 09:04 . 2010-04-28 05:47        --------        d-----w-        c:\program files\TeamViewer
2010-05-06 15:33 . 2010-03-06 12:17        101504        ----a-w-        c:\users\kuecho\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 13:01 . 2010-05-06 13:01        129784        ------w-        c:\windows\system32\pxafs.dll
2010-05-06 13:01 . 2010-05-06 13:01        43528        ------w-        c:\windows\system32\drivers\PxHelp20.sys
2010-05-06 13:01 . 2010-05-06 13:01        118520        ------w-        c:\windows\system32\pxinsi64.exe
2010-05-06 13:01 . 2010-05-06 13:01        116472        ------w-        c:\windows\system32\pxcpyi64.exe
2010-05-02 12:43 . 2010-05-02 12:37        30210700        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative Sound Blaster X-Fi Smart Recorder (Windows Vista) 2.40.20__\SMARTREC_PCAPP_LB_2_40_20.exe
2010-05-02 12:37 . 2010-05-02 12:35        12907880        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.12.00__\WAVESTD_PCAPP_LB_7_12_00.exe
2010-05-02 12:35 . 2010-05-02 12:27        37634288        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe
2010-05-02 12:27 . 2010-05-02 12:24        18323888        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.41.02__\ALMY_PCVTAPP_LB_1_41_02.exe
2010-05-02 12:24 . 2010-05-02 12:23        8512328        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2010-05-02 12:23 . 2010-05-02 12:11        62234496        ----a-w-        c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe
2010-05-01 14:49 . 2010-06-11 12:41        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-26 05:49        2048        ----a-w-        c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-05-19 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^kuecho^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\kuecho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:30        132392        ----a-w-        c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-03 23:55        25600        ------w-        c:\windows\System32\Ctxfihlp.exe

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-26 40560]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 06:07]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 06:07]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\kuecho\AppData\Roaming\Mozilla\Firefox\Profiles\oxva2ztn.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.de/nwshp?client=firefox-a&rls=org.mozilla:de:official&hl=de&tab=wn
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\kuecho\AppData\Roaming\Mozilla\Firefox\Profiles\oxva2ztn.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.032"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.abr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ani"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.apd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.arw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bay"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.bw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.crw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.cur"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dib"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.djv"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.dng"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.emf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.eps"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.erf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.fff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.gif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icl"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.icn"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ico"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-211803134-2689144973-1752860366-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.int"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.inta"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mos"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.nef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.orf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pct"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pef"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pic"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pict"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pix"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.png"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.psd"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.psp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.raf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ras"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-211803134-2689144973-1752860366-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rle"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.rwl"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.srf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tga"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.thm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xif"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-211803134-2689144973-1752860366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-14  09:28:54
ComboFix-quarantined-files.txt  2010-07-14 07:28
ComboFix2.txt  2010-07-13 20:47
ComboFix3.txt  2010-07-13 18:04

Vor Suchlauf: 17 Verzeichnis(se), 56.831.791.104 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 56.783.958.016 Bytes frei

- - End Of File - - D8800DF8501B5A5C67F5A23E514628C5[/INDENT]
--- --- ---

Gruß
kuecho

cosinus 14.07.2010 10:18
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

kuecho 14.07.2010 10:56
GMER Logfile:

GMER Logfile:
GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-14 11:43:58
Windows 6.1.7600
Running: l902t31u.exe; Driver: C:\Users\kuecho\AppData\Local\Temp\uxldypow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                        ZwCreateProcess [0x8C4452D6]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                        ZwCreateProcessEx [0x8C4454C8]
SSDT            80591FBC                                                                                                                                            ZwCreateThread
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                        ZwCreateUserProcess [0x8C4456D0]
SSDT            80591FA8                                                                                                                                            ZwOpenProcess
SSDT            80591FAD                                                                                                                                            ZwOpenThread
SSDT            80591FB7                                                                                                                                            ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            83047AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            83047104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            830473F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            830302D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            8302F898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            830471DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            83047958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            830476F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            83047F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                            830481A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                    82C60599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                              82C84F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 32C                                                                                                                82C8C83C 8 Bytes  [D6, 52, 44, 8C, C8, 54, 44, ...]
.text          ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                                                82C8C85C 4 Bytes  [BC, 1F, 59, 80]
.text          ntkrnlpa.exe!RtlSidHashLookup + 364                                                                                                                82C8C874 4 Bytes  [D0, 56, 44, 8C]
.text          ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                                                82C8C9F8 4 Bytes  [A8, 1F, 59, 80]
.text          ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                                                82C8CA18 4 Bytes  JMP DBE8779F
.text          ...                                                                                                                                               
.text          C:\Windows\system32\DRIVERS\atipmdag.sys                                                                                                            section is writeable [0x92A35000, 0x2E6316, 0xE8000020]
.text          peauth.sys                                                                                                                                          9AF5EC9D 28 Bytes  [CF, F2, C9, 9B, 76, EE, 79, ...]
.text          peauth.sys                                                                                                                                          9AF5ECC1 28 Bytes  [CF, F2, C9, 9B, 76, EE, 79, ...]
PAGE            peauth.sys                                                                                                                                          9AF64B9B 72 Bytes  [E0, D4, 1F, 64, 94, EB, 27, ...]
PAGE            peauth.sys                                                                                                                                          9AF64BEC 111 Bytes  [6E, DB, E5, 3A, 75, 64, CD, ...]
PAGE            peauth.sys                                                                                                                                          9AF64E20 101 Bytes  [24, 20, 7E, DF, B3, 54, 2C, ...]
PAGE            ...                                                                                                                                               
?              C:\Users\kuecho\AppData\Local\Temp\catchme.sys                                                                                                      Das System kann die angegebene Datei nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                          Das System kann die angegebene Datei nicht finden. !
?              C:\Users\kuecho\AppData\Local\Temp\mbr.sys                                                                                                          Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1764] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75A85E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75A85E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1764] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75A85E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1764] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75A85E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1764] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75A85E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                                                    [74782494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                                                [74765624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                                              [747656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                                                      [7478250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                                            [74778573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                                              [74774D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                                                            [747750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                                                            [747751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                  [747766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                                            [747782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                                        [74778819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                                                      [7477907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                                            [7477E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[3996] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                                                [74774C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000055                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158307d054                                                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158307d054@002104086c02                                                            0x86 0x8D 0xC3 0x49 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158307d054 (not active ControlSet)                                                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158307d054@002104086c02                                                                0x86 0x8D 0xC3 0x49 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                  0xE2 0x63 0x26 0xF1 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                  0x6A 0x9C 0xD6 0x61 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                  0x25 0xDA 0xEC 0x7E ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                  0x86 0x8C 0x21 0x01 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                  0xF5 0x1D 0x4D 0x73 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                  0xB0 0x18 0xED 0xA7 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                  0xFB 0xA7 0x78 0xE6 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                  0x83 0x6C 0x56 0x8B ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                  0xF6 0x0F 0x4E 0x58 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                  0xB1 0xCD 0x45 0x5A ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                  0xE3 0x0E 0x66 0xD5 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ---[/INDENT]-
--- --- ---

--- --- ---


Und Osam Logfile:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:54:41 on 14.07.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\AudioCS\CTAudCS.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\kuecho\AppData\Local\Temp\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"mbr" (mbr) - ? - C:\Users\kuecho\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\Windows\System32\DRIVERS\MarvinBus.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uxldypow" (uxldypow) - ? - C:\Users\kuecho\AppData\Local\Temp\uxldypow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\kuecho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
"Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Program Files\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Program Files\Spyware Doctor\pctsSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/INDENT]

Gruß
kuecho

cosinus 14.07.2010 13:58
Sieht ok aus. Bitte den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

kuecho 14.07.2010 16:24
So, ich habe einen Unknown boot code auf PhysicalDrive0.
Ich war mal so frei einen dump zu machen. Irgendwie unleserlich das Ganze.
Ich poste es trotzdem mal. Als nächstes den fix durchlaufen lassen?

dump:

è¹ð¾|¿Wó¤Ã‹Nƒùu^CâûŒV ŒVuiŠV„Òybèö »ªUÍro;^\ujÑésf´BÆFëf‰¶öþŠD„Àt<t <tŠ€â€u˃ÆÄ\‰^ŒF
þŽùþuÒ°1ÆF×PˆFÔ¾j¬„Àt´³Íëóè ˆF¾®<uÆÍ3Ò‰V‰V
è} r¸¿ ‹ÜVPP2äÍX‹õÍX^sOuë°2r²@Šfž{ÆGr5u ˆW@ÄN‰OŒGyŠNˆO%€ÇþUªu…úÍu ÆGúéÇGû”ˆè ÿätΈW$ëÉ]3ÀŽØŽÀŽÐ¼ |U½¢üûôRÍr33ÛŠÞ‹F
3Òƒá?÷ñ‘—‹F÷÷B‡Ê;ÚrC÷óŠò†ÅÑèÑè
ÈÐÌÐÌ
ô„ät´A[ŠÓÃ
MBR Error
ress any key to boot from floppy...   | ù*¦ € þÿÿ? Y5 þÿÿþÿÿ15 4=P> Uª
Gruß
kuecho

cosinus 14.07.2010 18:34
Im MBR steht fast nur binärcode, kannst Du so nicht lesen.
Fixen kannst Du den MBR so:

Bitte mal die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
remover.exe fix \\.\PhysicalDrive0
Falls der den Befehl remover.exe nicht findet, die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!

kuecho 14.07.2010 19:09
Hallo Arne,

ich habe die remover.exe mit der Option fix ausgeführt, gefolgt von einem sofortigen Neustart, gefolgt von der Nachricht: "Fehler beim Start von Windows...". Ich habe dann per Windows-CD den MBR reparieren lassen und nach einem erfolgreichen Neustart die remover.exe erneut ausgeführt. Diesesmal mit der erfreulichen Nachricht: MBR Status: OK (DOS/Win32 Boot code found)

Kann ich davon ausgehen, das dadurch ein rootkit erfolgreich bekämpft wurde und meine Kiste jetzt wieder sauber ist?!

Gruß
kuecho

cosinus 14.07.2010 19:37
Ja, der MBR sollte nun ok sein.
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

kuecho 15.07.2010 09:43
Moin Arne,

der Log von SuperAntispyware zeigt meiner Meinung nach einen "False positiv" an. Zumindest gehört die Datei zu einer vertrauenswürdigen Software.

Antimalware scheint jetzt auch sauber zu sein.

SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/15/2010 at 09:10 AM

Application Version : 4.40.1002

Core Rules Database Version : 5203
Trace Rules Database Version: 3015

Scan type : Complete Scan
Total Scan Time : 01:53:46

Memory items scanned : 681
Memory threats detected : 0
Registry items scanned : 9689
Registry threats detected : 0
File items scanned : 206713
File threats detected : 1

Adware.Vundo/Variant-X32[Header]
C:\COKTEL\JUNIOR2\CURSOR32.DLL

Anti-Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4315

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.07.2010 09:44:26
mbam-log-2010-07-15 (09-44-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 221054
Laufzeit: 26 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Gruß
kuecho

cosinus 15.07.2010 10:02
Zitat:
Zumindest gehört die Datei zu einer vertrauenswürdigen Software.
Ja, das ist auch meiner Meinung nach ein Fehlalarm. :)
Malwarebytes hat nichts mehr gefunden, Rechner wieder ok?

kuecho 15.07.2010 10:56
Ja! Alles bestens!
Keine Alarme mehr, kein Anzeichen einer Schadsoftware.

Ich sage gaaanz doll DANKEEE!!
:dankeschoen:
für deine Mühe und die Zeit die du dir genommen hast! :daumenhoc

Gruß
kuecho

ps: euer Spendenkonto habe ich gefunden! ;)

cosinus 15.07.2010 11:45
Gut, dann bitte abschließend die Updates prüfen, nimm meinen Leitaden dazu als Hilfe:


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19