Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   20 TANs von Deutsche Bank OnlineBanking gefordert (https://www.trojaner-board.de/95266-20-tans-deutsche-bank-onlinebanking-gefordert.html)

aomira 31.01.2011 21:50
20 TANs von Deutsche Bank OnlineBanking gefordert
 
Hallo,

auch ich habe das Problem, dass nach dem Login in mein OnlineBanking bei der Deutschen Bank 20 TANs gefordert wurden (die ich natürlich nicht eingegeben habe, stattdessen habe ich von einem anderen Rechner aus zunächst meine PIN geändert). Fast zeitgleich hat sich Microsoft Office Outlook zerschossen, es stürzt beim Versuch, neue Mails abzurufen, ab mit der Meldung "Das Programm funktioniert nicht mehr."

McAfee hat bei einem anschließend folgenden Scan neben diversen "Verfolgungs-Cookies" den Trojaner "Exploit-ByteVerify" und isoliert. Weitere Recherche hat mich schnell auf eure Seite geführt.

Ich habe mir inzwischen bei euch "Load" heruntergeladen und die enthaltene Anleitung abgearbeitet.
Gmer ist dabei abgestürzt, auch mit der nichtssagenden Fehlermeldung "Das Programm funktioniert nicht mehr", anschließend hat sich der ganze Rechner mit einem BlueScreen verabschiedet, den ich leider nicht so schnell lesen konnte.

Anbei daher alle Logfiles mit Ausnahme von Gmer:

1. Malwarebytes

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5642

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

30.01.2011 23:22:17
mbam-log-2011-01-30 (23-22-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145250
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spy.qwas.exe (Spyware.Passwords.XGen) -> Value: spy.qwas.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\spy.qwas\spy.qwas.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
2. defogger

Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:30 on 30/01/2011 (aidualc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
3. OTL

OTL Logfile:
Code:
OTL logfile created on: 30.01.2011 23:53:06 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\aidualc\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 72,61 Gb Free Space | 50,40% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 130,47 Gb Free Space | 90,60% Space Free | Partition Type: NTFS
 
Computer Name: AIDUALC2009 | User Name: aidualc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.30 22:57:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\aidualc\Desktop\MFTools\OTL.exe
PRC - [2010.10.13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010.10.13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010.09.30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2010.08.24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.03.15 09:58:30 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.03.10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.01.20 16:49:04 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Programme\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.08 01:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.10.06 10:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.07 03:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 05:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.02.12 05:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.01.16 09:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007.12.13 16:36:46 | 000,049,220 | ---- | M] (Samsung) -- C:\Programme\SEC\Natural Color Pro\NCProTray.exe
PRC - [2007.08.23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007.07.18 01:08:45 | 002,094,352 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2007.07.18 00:30:12 | 000,414,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
PRC - [2007.07.18 00:30:03 | 001,687,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2007.07.18 00:29:52 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.07.18 00:29:34 | 000,479,504 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
PRC - [2007.07.18 00:29:24 | 000,278,288 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.01.15 16:18:00 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.30 22:57:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\aidualc\Desktop\MFTools\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.01.05 10:17:51 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010.10.13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010.10.13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010.10.07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.08.24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010.03.10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010.03.10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010.03.10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010.03.10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 00:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.01.16 09:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2007.08.23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.10.13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.10.13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010.10.13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010.10.13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.10.13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.10.13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.10.13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010.10.13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.10.13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.12.17 15:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.11.07 01:19:36 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.08.05 19:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.28 13:52:06 | 000,272,384 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11rdr.SYS -- (ui11rdr)
DRV - [2008.07.26 20:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.05.08 10:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.04.17 08:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.03.28 11:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.02.14 00:17:10 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 02:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 06:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.07.15 23:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007.07.15 23:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15421&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO2&o=15418&locale=de_DE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.23 21:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.28 15:24:29 | 000,000,000 | ---D | M]
 
[2009.06.15 06:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aidualc\AppData\Roaming\mozilla\Extensions
[2011.01.29 17:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions
[2011.01.06 11:10:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.04 08:30:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.06 11:10:33 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.11.10 21:59:08 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\toolbar@ask.com
[2011.01.30 21:47:05 | 000,002,255 | ---- | M] () -- C:\Users\aidualc\AppData\Roaming\Mozilla\Firefox\Profiles\j57r7wh3.default\searchplugins\askcom.xml
[2010.08.09 15:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.15 06:20:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.09 15:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.01.03 12:56:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.08.09 15:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.11.25 12:08:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.25 12:08:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.25 12:08:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.25 12:08:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.25 12:08:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20101110152655.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.187.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{025ead0b-178d-11de-a726-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{220f2dc6-16b4-11df-895e-002269c8bef0}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{73b9ad0f-07c5-11df-9617-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{78e27f8d-026a-11de-ac97-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.30 23:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.01.30 23:12:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.30 23:11:19 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.30 23:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.30 22:59:38 | 000,000,000 | ---D | C] -- C:\Users\aidualc\AppData\Roaming\Malwarebytes
[2011.01.30 22:59:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.30 22:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.30 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.30 22:59:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.30 22:59:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.30 22:57:00 | 000,000,000 | ---D | C] -- C:\Users\aidualc\Desktop\MFTools
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.30 23:50:02 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.30 23:50:02 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.30 23:50:02 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.30 23:50:02 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.30 23:45:42 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011.01.30 23:44:58 | 000,231,985 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.01.30 23:42:25 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 23:42:25 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.30 23:42:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.30 23:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.30 23:42:08 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.30 23:42:06 | 305,966,114 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.30 23:39:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.30 23:30:05 | 000,000,000 | ---- | M] () -- C:\Users\aidualc\defogger_reenable
[2011.01.30 23:24:08 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.30 23:11:20 | 000,000,733 | ---- | M] () -- C:\Users\aidualc\Desktop\NTREGOPT.lnk
[2011.01.30 23:11:20 | 000,000,714 | ---- | M] () -- C:\Users\aidualc\Desktop\ERUNT.lnk
[2011.01.30 23:04:32 | 000,377,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.30 22:59:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.30 22:57:39 | 000,296,448 | ---- | M] () -- C:\Users\aidualc\Desktop\g2m3e4r.exe
[2011.01.30 22:57:38 | 000,050,477 | ---- | M] () -- C:\Users\aidualc\Desktop\defogger.exe
[2011.01.30 22:55:27 | 000,472,098 | ---- | M] () -- C:\Users\aidualc\Desktop\Load.exe
[2011.01.30 13:51:09 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA39F505-D21E-4D1D-AC6F-5C41D19CAE9C}.job
[2011.01.29 15:02:54 | 000,000,162 | -H-- | M] () -- C:\Users\aidualc\Documents\~$Tobi.doc
[2011.01.28 17:43:15 | 001,923,584 | ---- | M] () -- C:\Users\aidualc\Documents\Tobi.doc
[2011.01.27 23:19:57 | 002,166,402 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.01.27 23:08:57 | 000,512,992 | ---- | M] () -- C:\Users\aidualc\Desktop\sdsetup.exe
[2011.01.27 16:24:12 | 000,417,792 | ---- | M] () -- C:\Users\aidualc\Documents\Regionale Firmenliste Tab.doc
[2011.01.13 15:34:27 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\HD Writer AE 2.0.lnk
[2011.01.13 15:34:13 | 000,001,949 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
[2011.01.09 20:54:55 | 000,226,502 | ---- | M] () -- C:\Users\aidualc\Desktop\pixmania-camcorder.xps
[2011.01.06 15:20:38 | 001,625,088 | ---- | M] () -- C:\Users\aidualc\Documents\Regionale Firmenliste.doc
[2011.01.01 21:46:14 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2011.01.01 21:44:44 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2011.01.01 21:42:43 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2011.01.01 21:40:04 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2011.01.01 21:39:28 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
 
========== Files Created - No Company Name ==========
 
[2011.01.30 23:30:05 | 000,000,000 | ---- | C] () -- C:\Users\aidualc\defogger_reenable
[2011.01.30 23:11:20 | 000,000,733 | ---- | C] () -- C:\Users\aidualc\Desktop\NTREGOPT.lnk
[2011.01.30 23:11:20 | 000,000,714 | ---- | C] () -- C:\Users\aidualc\Desktop\ERUNT.lnk
[2011.01.30 22:59:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.30 22:57:39 | 000,296,448 | ---- | C] () -- C:\Users\aidualc\Desktop\g2m3e4r.exe
[2011.01.30 22:57:37 | 000,050,477 | ---- | C] () -- C:\Users\aidualc\Desktop\defogger.exe
[2011.01.30 22:55:17 | 000,472,098 | ---- | C] () -- C:\Users\aidualc\Desktop\Load.exe
[2011.01.29 15:02:54 | 000,000,162 | -H-- | C] () -- C:\Users\aidualc\Documents\~$Tobi.doc
[2011.01.28 16:47:23 | 001,923,584 | ---- | C] () -- C:\Users\aidualc\Documents\Tobi.doc
[2011.01.27 23:19:13 | 002,166,402 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.01.27 23:09:23 | 000,512,992 | ---- | C] () -- C:\Users\aidualc\Desktop\sdsetup.exe
[2011.01.13 15:34:27 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\HD Writer AE 2.0.lnk
[2011.01.13 15:34:13 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
[2011.01.09 20:54:52 | 000,226,502 | ---- | C] () -- C:\Users\aidualc\Desktop\pixmania-camcorder.xps
[2011.01.06 16:03:25 | 000,417,792 | ---- | C] () -- C:\Users\aidualc\Documents\Regionale Firmenliste Tab.doc
[2011.01.06 15:12:25 | 001,625,088 | ---- | C] () -- C:\Users\aidualc\Documents\Regionale Firmenliste.doc
[2011.01.01 21:46:14 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2011.01.01 21:44:44 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2011.01.01 21:42:43 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2011.01.01 21:40:04 | 000,002,376 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2011.01.01 21:39:28 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2009.07.30 08:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.16 22:27:38 | 000,000,600 | ---- | C] () -- C:\Users\aidualc\AppData\Roaming\winscp.rnd
[2009.02.26 09:08:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.25 22:10:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.02.25 21:26:34 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009.02.25 20:33:59 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2009.02.24 18:29:48 | 000,003,953 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2009.02.24 13:27:25 | 000,024,206 | ---- | C] () -- C:\Users\aidualc\AppData\Roaming\UserTile.png
[2009.02.24 11:44:10 | 000,012,288 | ---- | C] () -- C:\Users\aidualc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.14 11:35:21 | 000,231,985 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.01.14 11:35:13 | 000,231,985 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.07 01:40:10 | 000,004,222 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.11.07 01:36:09 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.11.07 01:36:09 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.11.07 01:15:28 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.11.07 01:13:53 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.11.06 09:16:34 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.02.26 09:44:54 | 000,000,000 | ---D | M] -- C:\Users\aidualc\AppData\Roaming\1&1
[2009.02.25 22:31:17 | 000,000,000 | ---D | M] -- C:\Users\aidualc\AppData\Roaming\EPSON
[2010.12.10 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\aidualc\AppData\Roaming\IrfanView
[2009.02.24 13:27:25 | 000,000,000 | ---D | M] -- C:\Users\aidualc\AppData\Roaming\PeerNetworking
[2011.01.30 23:24:11 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.30 13:51:09 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA39F505-D21E-4D1D-AC6F-5C41D19CAE9C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.02.08 10:31:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.01.30 23:42:08 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2008.11.19 01:21:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.11.19 01:21:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.01.30 23:42:06 | 3529,379,840 | -HS- | M] () -- C:\pagefile.sys
[2008.11.07 01:07:29 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log
[2009.02.24 11:49:13 | 000,000,169 | ---- | M] () -- C:\setup.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.30 09:50:35 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 10:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2007.02.26 08:49:10 | 001,744,896 | ---- | M] (TopThinks, INC.) -- C:\Windows\imagine digital freedom.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 03:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-13 14:54:08
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 
< End of report >
--- --- ---



4. Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 30.01.2011 23:53:06 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\aidualc\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 72,61 Gb Free Space | 50,40% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 130,47 Gb Free Space | 90,60% Space Free | Partition Type: NTFS
 
Computer Name: AIDUALC2009 | User Name: aidualc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D12E98-6790-417D-8D01-91F14AA0165E}" = lport=138 | protocol=17 | dir=in | app=system |
"{0CAF1993-0752-4BDA-92F9-1F9F282E996D}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E57B702-C5BF-4333-8514-338452C4F7AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{46F3AA34-628B-48B4-9868-7DE8E3B36840}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5096C65B-8D2D-4C1F-851F-3B6078B4CB6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5F50643B-B71E-4299-824D-ADDA243CD509}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{62F435A4-80CC-4A33-AF50-9CE0D2A6BE23}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A37D125-7874-4E0E-A73C-5C5C3E81121C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A16DBCBB-C900-4EAD-B784-813BE3179E6D}" = lport=139 | protocol=6 | dir=in | app=system |
"{C803ED19-F946-4240-A32C-E1742F5074E1}" = lport=49294 | protocol=6 | dir=in | name=akamai netsession interface |
"{D5439D30-1E0A-4BEF-9ABB-102ECD4B3BE1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F37FA39F-FC40-4B32-8B9D-1550D3F66C04}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC29DAE6-E454-4EBB-9CBD-685D0E8B4B2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D63AF93-9193-42FC-9A7C-727C61598261}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2DD2AD2C-96D9-48E1-B55A-83A3876124FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35395672-A936-4815-A631-7C3270F3F7DA}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9411ACE0-FC38-40AE-A707-B5F69DC687D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{944D382D-F1A1-4988-AEFB-7C13DFA4C9BC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{96A8AD7D-DEA8-4031-BB2D-9F2728401707}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A110EC1A-7D14-45E5-9266-486F8556727F}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{AF638C56-234E-4F46-8706-194E0CD714E2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D022B504-12AD-4D9D-95D8-A2E4BE57B336}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84639CB3-04D4-4758-B1D0-82E531D21F59}" = HD Writer AE 2.0
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cf0195a1-0299-405d-bdbc-f76d47f51801}" = Nero 9 Lite
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"1&1 Upload-Manager" = 1&1 Upload-Manager
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Bubble Shooter Premium_is1" = Bubble Shooter Premium
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"ConsideoModeler" = Consideo Modeler - Consideo GmbH
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"IC-soft" = IC-soft
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Pharaohs Bubbles_is1" = Pharaohs Bubbles 1.2
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---



Wie gehe ich am besten weiter vor? Schon einmal vorab vielen Dank für eure Hilfe!

aomira

cosinus 31.01.2011 22:40
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

aomira 31.01.2011 22:52
Hallo Arne,

nein, es gibt nur diese eine Logdatei unter diesem Reiter.

Sollte das anders sein?

Gruß und schonmal danke!
aomira

cosinus 01.02.2011 10:06
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

aomira 01.02.2011 14:10
Hier ein aktuelles Logfile von Malwarebytes:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5653

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01.02.2011 14:07:26
mbam-log-2011-02-01 (14-07-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145413
Laufzeit: 8 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und noch einmal das von vorgestern (steht aber auch schon oben) - wie gesagt, weitere gibt es nicht.

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5642

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

30.01.2011 23:22:17
mbam-log-2011-01-30 (23-22-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145250
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spy.qwas.exe (Spyware.Passwords.XGen) -> Value: spy.qwas.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\spy.qwas\spy.qwas.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
Viele Grüße!
aomira

aomira 01.02.2011 14:20
Sorry, ich war etwas blind (mir kriecht ein Baby um die Füße). Die VOLLSCAN-Logdatei folgt!

aomira 01.02.2011 21:10
So, da ist sie:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5653

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01.02.2011 15:43:46
mbam-log-2011-02-01 (15-43-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 272043
Laufzeit: 1 Stunde(n), 22 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 01.02.2011 21:24
Dann brauch ich jetzt neue OTL-Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

aomira 01.02.2011 21:43
Okay:

OTL Logfile:
Code:
OTL logfile created on: 01.02.2011 21:32:43 - Run 2
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\aidualc\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 77,53 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 130,47 Gb Free Space | 90,60% Space Free | Partition Type: NTFS
 
Computer Name: AIDUALC2009 | User Name: aidualc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\aidualc\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Programme\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\aidualc\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ui11rdr) -- C:\Windows\System32\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15421&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO2&o=15418&locale=de_DE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.23 21:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.28 15:24:29 | 000,000,000 | ---D | M]
 
[2009.06.15 06:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aidualc\AppData\Roaming\mozilla\Extensions
[2011.02.01 17:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions
[2011.01.06 11:10:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.04 08:30:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.06 11:10:33 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.11.10 21:59:08 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\aidualc\AppData\Roaming\mozilla\Firefox\Profiles\j57r7wh3.default\extensions\toolbar@ask.com
[2011.01.31 22:15:02 | 000,002,255 | ---- | M] () -- C:\Users\aidualc\AppData\Roaming\Mozilla\Firefox\Profiles\j57r7wh3.default\searchplugins\askcom.xml
[2010.08.09 15:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.15 06:20:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.09 15:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.01.03 12:56:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.08.09 15:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.11.25 12:08:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.25 12:08:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.25 12:08:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.25 12:08:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.25 12:08:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20101110152655.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.187.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{025ead0b-178d-11de-a726-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{220f2dc6-16b4-11df-895e-002269c8bef0}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{73b9ad0f-07c5-11df-9617-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{78e27f8d-026a-11de-ac97-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.01 13:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.01.30 23:12:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.30 23:11:19 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.30 23:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.30 22:59:38 | 000,000,000 | ---D | C] -- C:\Users\aidualc\AppData\Roaming\Malwarebytes
[2011.01.30 22:59:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.30 22:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.30 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.30 22:59:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.30 22:59:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.30 22:57:00 | 000,000,000 | ---D | C] -- C:\Users\aidualc\Desktop\MFTools
[2011.01.12 09:05:45 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 09:05:37 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.01 20:39:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.01 19:54:57 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 19:54:57 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 19:54:23 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA39F505-D21E-4D1D-AC6F-5C41D19CAE9C}.job
[2011.02.01 18:39:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.01 14:03:06 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.01 14:03:06 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.01 14:03:06 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.01 14:03:06 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.01 13:57:14 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011.02.01 13:55:42 | 000,231,985 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.01 13:55:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.01 13:54:54 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.30 23:42:06 | 305,966,114 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.30 23:30:05 | 000,000,000 | ---- | M] () -- C:\Users\aidualc\defogger_reenable
[2011.01.30 23:24:08 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.30 23:11:20 | 000,000,733 | ---- | M] () -- C:\Users\aidualc\Desktop\NTREGOPT.lnk
[2011.01.30 23:11:20 | 000,000,714 | ---- | M] () -- C:\Users\aidualc\Desktop\ERUNT.lnk
[2011.01.30 23:04:32 | 000,377,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.30 22:59:25 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.30 22:57:39 | 000,296,448 | ---- | M] () -- C:\Users\aidualc\Desktop\g2m3e4r.exe
[2011.01.30 22:57:38 | 000,050,477 | ---- | M] () -- C:\Users\aidualc\Desktop\defogger.exe
[2011.01.30 22:55:27 | 000,472,098 | ---- | M] () -- C:\Users\aidualc\Desktop\Load.exe
[2011.01.29 15:02:54 | 000,000,162 | -H-- | M] () -- C:\Users\aidualc\Documents\~$Tobi.doc
[2011.01.28 17:43:15 | 001,923,584 | ---- | M] () -- C:\Users\aidualc\Documents\Tobi.doc
[2011.01.27 23:19:57 | 002,166,402 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.01.27 23:08:57 | 000,512,992 | ---- | M] () -- C:\Users\aidualc\Desktop\sdsetup.exe
[2011.01.27 16:24:12 | 000,417,792 | ---- | M] () -- C:\Users\aidualc\Documents\Regionale Firmenliste Tab.doc
[2011.01.13 15:34:27 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\HD Writer AE 2.0.lnk
[2011.01.13 15:34:13 | 000,001,949 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
[2011.01.09 20:54:55 | 000,226,502 | ---- | M] () -- C:\Users\aidualc\Desktop\pixmania-camcorder.xps
[2011.01.06 15:20:38 | 001,625,088 | ---- | M] () -- C:\Users\aidualc\Documents\Regionale Firmenliste.doc
 
========== Files Created - No Company Name ==========
 
[2011.01.30 23:30:05 | 000,000,000 | ---- | C] () -- C:\Users\aidualc\defogger_reenable
[2011.01.30 23:11:20 | 000,000,733 | ---- | C] () -- C:\Users\aidualc\Desktop\NTREGOPT.lnk
[2011.01.30 23:11:20 | 000,000,714 | ---- | C] () -- C:\Users\aidualc\Desktop\ERUNT.lnk
[2011.01.30 22:59:25 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.30 22:57:39 | 000,296,448 | ---- | C] () -- C:\Users\aidualc\Desktop\g2m3e4r.exe
[2011.01.30 22:57:37 | 000,050,477 | ---- | C] () -- C:\Users\aidualc\Desktop\defogger.exe
[2011.01.30 22:55:17 | 000,472,098 | ---- | C] () -- C:\Users\aidualc\Desktop\Load.exe
[2011.01.29 15:02:54 | 000,000,162 | -H-- | C] () -- C:\Users\aidualc\Documents\~$Tobi.doc
[2011.01.28 16:47:23 | 001,923,584 | ---- | C] () -- C:\Users\aidualc\Documents\Tobi.doc
[2011.01.27 23:19:13 | 002,166,402 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.01.27 23:09:23 | 000,512,992 | ---- | C] () -- C:\Users\aidualc\Desktop\sdsetup.exe
[2011.01.13 15:34:27 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\HD Writer AE 2.0.lnk
[2011.01.13 15:34:13 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
[2011.01.09 20:54:52 | 000,226,502 | ---- | C] () -- C:\Users\aidualc\Desktop\pixmania-camcorder.xps
[2011.01.06 16:03:25 | 000,417,792 | ---- | C] () -- C:\Users\aidualc\Documents\Regionale Firmenliste Tab.doc
[2011.01.06 15:12:25 | 001,625,088 | ---- | C] () -- C:\Users\aidualc\Documents\Regionale Firmenliste.doc
[2009.07.30 08:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.16 22:27:38 | 000,000,600 | ---- | C] () -- C:\Users\aidualc\AppData\Roaming\winscp.rnd
[2009.02.26 09:08:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.25 22:10:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.02.25 21:26:34 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009.02.25 20:33:59 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2009.02.24 18:29:48 | 000,003,953 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2009.02.24 13:27:25 | 000,024,206 | ---- | C] () -- C:\Users\aidualc\AppData\Roaming\UserTile.png
[2009.02.24 11:44:10 | 000,012,288 | ---- | C] () -- C:\Users\aidualc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.14 11:35:21 | 000,231,985 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.01.14 11:35:13 | 000,231,985 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.07 01:40:10 | 000,004,222 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.11.07 01:36:09 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.11.07 01:36:09 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.11.07 01:15:28 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.11.07 01:13:53 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.11.06 09:16:34 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
--- --- ---


Und:

OTL Logfile:
Code:
OTL Extras logfile created on: 01.02.2011 21:32:43 - Run 2
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\aidualc\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 77,53 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 130,47 Gb Free Space | 90,60% Space Free | Partition Type: NTFS
 
Computer Name: AIDUALC2009 | User Name: aidualc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D12E98-6790-417D-8D01-91F14AA0165E}" = lport=138 | protocol=17 | dir=in | app=system |
"{0CAF1993-0752-4BDA-92F9-1F9F282E996D}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E57B702-C5BF-4333-8514-338452C4F7AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{46F3AA34-628B-48B4-9868-7DE8E3B36840}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5096C65B-8D2D-4C1F-851F-3B6078B4CB6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5F50643B-B71E-4299-824D-ADDA243CD509}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{62F435A4-80CC-4A33-AF50-9CE0D2A6BE23}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A37D125-7874-4E0E-A73C-5C5C3E81121C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A16DBCBB-C900-4EAD-B784-813BE3179E6D}" = lport=139 | protocol=6 | dir=in | app=system |
"{C803ED19-F946-4240-A32C-E1742F5074E1}" = lport=49294 | protocol=6 | dir=in | name=akamai netsession interface |
"{D5439D30-1E0A-4BEF-9ABB-102ECD4B3BE1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F37FA39F-FC40-4B32-8B9D-1550D3F66C04}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC29DAE6-E454-4EBB-9CBD-685D0E8B4B2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D63AF93-9193-42FC-9A7C-727C61598261}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2DD2AD2C-96D9-48E1-B55A-83A3876124FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35395672-A936-4815-A631-7C3270F3F7DA}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9411ACE0-FC38-40AE-A707-B5F69DC687D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{944D382D-F1A1-4988-AEFB-7C13DFA4C9BC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{96A8AD7D-DEA8-4031-BB2D-9F2728401707}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A110EC1A-7D14-45E5-9266-486F8556727F}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{AF638C56-234E-4F46-8706-194E0CD714E2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D022B504-12AD-4D9D-95D8-A2E4BE57B336}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84639CB3-04D4-4758-B1D0-82E531D21F59}" = HD Writer AE 2.0
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cf0195a1-0299-405d-bdbc-f76d47f51801}" = Nero 9 Lite
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"1&1 Upload-Manager" = 1&1 Upload-Manager
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Bubble Shooter Premium_is1" = Bubble Shooter Premium
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"ConsideoModeler" = Consideo Modeler - Consideo GmbH
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"IC-soft" = IC-soft
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Pharaohs Bubbles_is1" = Pharaohs Bubbles 1.2
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 01.02.2011 21:47
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{025ead0b-178d-11de-a726-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{220f2dc6-16b4-11df-895e-002269c8bef0}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{73b9ad0f-07c5-11df-9617-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{78e27f8d-026a-11de-ac97-002269c8bef0}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

aomira 01.02.2011 22:02
Hallo Arne, hier das Ergebnis:

Zitat:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{025ead0b-178d-11de-a726-002269c8bef0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025ead0b-178d-11de-a726-002269c8bef0}\ not found.
File .\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{220f2dc6-16b4-11df-895e-002269c8bef0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220f2dc6-16b4-11df-895e-002269c8bef0}\ not found.
File F:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b9ad0f-07c5-11df-9617-002269c8bef0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73b9ad0f-07c5-11df-9617-002269c8bef0}\ not found.
File .\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e27f8d-026a-11de-ac97-002269c8bef0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78e27f8d-026a-11de-ac97-002269c8bef0}\ not found.
File .\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0bf4b52-e22b-11dd-a130-806e6f6e6963}\ not found.
File E:\setup.exe not found.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: aidualc
->Temp folder emptied: 180892 bytes
->Temporary Internet Files folder emptied: 502974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36107092 bytes
->Flash cache emptied: 884 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 495368 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02012011_215516

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Schön mal zwischendurch: :dankeschoen:

cosinus 01.02.2011 22:32
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

aomira 01.02.2011 23:17
Hier das Ergebnis von ComboFix:

Combofix Logfile:
Code:
ComboFix 11-01-31.02 - aidualc 01.02.2011  23:03:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.2169 [GMT 1:00]
ausgeführt von:: c:\users\aidualc\Desktop\cofi.exe.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\aidualc\setup.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2011-01-01 bis 2011-02-01  ))))))))))))))))))))))))))))))
.

2011-02-01 22:11 . 2011-02-01 22:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-30 22:11 . 2011-01-30 22:12        --------        d-----w-        c:\program files\ERUNT
2011-01-30 21:59 . 2011-01-30 21:59        --------        d-----w-        c:\users\aidualc\AppData\Roaming\Malwarebytes
2011-01-30 21:59 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 21:59 . 2011-01-30 21:59        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-30 21:59 . 2011-01-30 21:59        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-01-30 21:59 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-12 08:05 . 2010-12-28 15:55        413696        ----a-w-        c:\windows\system32\odbc32.dll
2011-01-12 08:05 . 2010-12-28 15:53        253952        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:05 . 2010-12-28 15:53        241664        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:05 . 2010-12-28 15:53        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:05 . 2010-12-28 15:53        57344        ----a-w-        c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 08:05 . 2010-12-28 15:53        180224        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:05 . 2010-12-14 14:49        1169408        ----a-w-        c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 18:56 . 2010-12-16 12:39        345600        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 12:39        352768        ----a-w-        c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 12:39        270336        ----a-w-        c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 12:39        601600        ----a-w-        c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 12:39        171520        ----a-w-        c:\windows\system32\taskeng.exe
2010-10-13 21:28 . 2010-11-10 14:26        24376        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12        1244040        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-28 1406248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-2-25 36864]
HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-1-13 308640]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-2-25 49220]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-6-13 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
S1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [2008-07-28 272384]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-11-07 13312]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 141792]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-01-16 31248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-03-28 1363088]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
Akamai        REG_MULTI_SZ          Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 17:34]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 17:34]

2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{BA39F505-D21E-4D1D-AC6F-5C41D19CAE9C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15421&l=dis
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {7525F760-1066-4213-BD4E-9937A59A7877} = 192.168.115.1
FF - ProfilePath - c:\users\aidualc\AppData\Roaming\Mozilla\Firefox\Profiles\j57r7wh3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO2&o=15418&locale=de_DE&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Nero Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-01 23:11
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-01  23:14:07
ComboFix-quarantined-files.txt  2011-02-01 22:14

Vor Suchlauf: 11 Verzeichnis(se), 83.673.563.136 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 83.607.228.416 Bytes frei

- - End Of File - - 4E8E9CC41DC766F47FC8A0E4CE80B217
--- --- ---

cosinus 01.02.2011 23:40
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

aomira 02.02.2011 00:23
Hier das Ergebnis von gmer:

Zitat:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-02 00:17:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: qvpreb0r.exe; Driver: C:\Users\aidualc\AppData\Local\Temp\uwldrfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
osam.exe wird von McAfee gelöscht, weil ein Virus enthalten sei (Artemis!xxx). Ist das wirklich korrekt? McAfee also auch für diesen Schritt deaktivieren? :confused:

cosinus 02.02.2011 09:24
McAfee deaktivieren oder notfalls deinstallieren.

aomira 02.02.2011 15:00
Okay... Es ging tatsächlich erst nach Deinstallation von McAfee. Doofes Gefühl...

Hier das Logfile:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 14:51:23 on 02.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"lgLcdCpl" - "Logitech Inc." - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\aidualc\AppData\Local\Temp\catchme.sys  (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MagicTune" (MagicTune) - ? - C:\Windows\System32\drivers\MTiCtwl.sys  (File found, but it contains no detailed information)
"McAfee Inc." (mfeavfk01) - ? - C:\Windows\system32\drivers\mfeavfk01.sys  (File not found)
"McAfee Inc. cfwids" (cfwids) - ? - C:\Windows\System32\drivers\cfwids.sys  (File not found)
"McAfee Inc. mfeapfk" (mfeapfk) - ? - C:\Windows\System32\drivers\mfeapfk.sys  (File not found)
"McAfee Inc. mfeavfk" (mfeavfk) - ? - C:\Windows\System32\drivers\mfeavfk.sys  (File not found)
"McAfee Inc. mfebopk" (mfebopk) - ? - C:\Windows\System32\drivers\mfebopk.sys  (File not found)
"McAfee Inc. mfefirek" (mfefirek) - ? - C:\Windows\System32\drivers\mfefirek.sys  (File not found)
"McAfee Inc. mfehidk" (mfehidk) - ? - C:\Windows\System32\drivers\mfehidk.sys  (File not found)
"McAfee Inc. mferkdet" (mferkdet) - ? - C:\Windows\System32\drivers\mferkdet.sys  (File not found)
"McAfee Inc. mfewfpk" (mfewfpk) - ? - C:\Windows\System32\drivers\mfewfpk.sys  (File not found)
"NCPro" (NCPro) - ? - C:\Windows\system32\drivers\MTictwl.sys  (File found, but it contains no detailed information)
"ui11rdr" (ui11rdr) - "1&1 Internet AG" - C:\Windows\System32\DRIVERS\ui11rdr.sys
"USB Bridge Cable Driver" (Wdm1) - ? - C:\Windows\System32\Drivers\usbbc.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{62DF97A2-3635-4412-AE30-80B164BC88AD} "ShellContextMenuHandler Class" - "1&1 Internet AG" - C:\Program Files\1&1\1&1 Upload-Manager\SHNDLERS.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Nero Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor" - ? -  (File not found | COM-object registry key not found)
<binary data> "Nero Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Nero Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\aidualc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"GammaTray.lnk" - ? - C:\Program Files\MagicTune Premium\GammaTray.exe  (Shortcut exists | File exists)
"HD Writer.lnk" - ? - C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe  (Shortcut exists | File exists)
"NCProTray.lnk" - "Samsung" - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe  (Shortcut exists | File exists)
"PHOTOfunSTUDIO 5.1 HD Edition.lnk" - "Panasonic Corporation" - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"Launch LCDMon" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
"Launch LGDCore" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"MultiScreen" - ? - C:\Program Files\MultiScreen\MultiScreen.exe
"NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"1&1 SmartDrive" - "1&1 Internet AG" - C:\Windows\System32\ui11np.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_dbc0250.dll  (File found, but it contains no detailed information)
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MagicTuneEngine" (MagicTuneEngine) - ? - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe  (File found, but it contains no detailed information)
"McAfee Application Installer Cleanup (0140901296654434)" (0140901296654434mcinstcleanup) - "McAfee, Inc." - C:\Users\aidualc\AppData\Local\Temp\014090~1.EXE
"McAfee Firewall Core Service" (mfefire) - ? - "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"  (File not found)
"McAfee Validation Trust Protection Service" (mfevtp) - ? - "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe"  (File not found)
"McShield" (McShield) - ? - "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "TopThinks, INC." - C:\Windows\IMAGIN~1.SCR

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index[/QUOTE]

Und hier das von MBRCheck:

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: Q210/P210
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 152):
0x8281B000 \SystemRoot\system32\ntoskrnl.exe
0x82BC6000 \SystemRoot\system32\hal.dll
0x83406000 \SystemRoot\system32\kdcom.dll
0x8340D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8347D000 \SystemRoot\system32\PSHED.dll
0x8348E000 \SystemRoot\system32\BOOTVID.dll
0x83496000 \SystemRoot\system32\CLFS.SYS
0x834D7000 \SystemRoot\system32\CI.dll
0x835B7000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83633000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83640000 \SystemRoot\system32\drivers\acpi.sys
0x83686000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8368F000 \SystemRoot\system32\drivers\msisadrv.sys
0x83697000 \SystemRoot\system32\drivers\pci.sys
0x836BE000 \SystemRoot\System32\drivers\partmgr.sys
0x836CD000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x836D0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x836DA000 \SystemRoot\system32\drivers\volmgr.sys
0x836E9000 \SystemRoot\System32\drivers\volmgrx.sys
0x83733000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AC0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8ACDC000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x8AD24000 \SystemRoot\system32\drivers\atapi.sys
0x8AD2C000 \SystemRoot\system32\drivers\ataport.SYS
0x8AD4A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AD7C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AD8C000 \SystemRoot\system32\drivers\mfehidk.sys
0x8ADE9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE5A000 \SystemRoot\system32\drivers\ndis.sys
0x8AF65000 \SystemRoot\system32\drivers\msrpc.sys
0x8AF90000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B001000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B111000 \SystemRoot\system32\drivers\volsnap.sys
0x8B14A000 \SystemRoot\System32\Drivers\spldr.sys
0x8B152000 \SystemRoot\System32\Drivers\mup.sys
0x8B161000 \SystemRoot\System32\drivers\ecache.sys
0x8B188000 \SystemRoot\system32\drivers\disk.sys
0x8B199000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B1BA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B2A0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B2AB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F405000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FB38000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FBD9000 \SystemRoot\System32\drivers\watchdog.sys
0x8FBE5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B2B4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FBF0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B2F2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC08000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FD31000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8FD7D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FD81000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FD94000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FD9F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FDCD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FDCF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FDDA000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x8FDE3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FDFB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FE0A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FE39000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FE7A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FE85000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FE9C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FEA7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FECA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FED9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FEED000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FF02000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FF39000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FF3B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FF65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FF6F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FF7C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FFB1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90406000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90606000 \SystemRoot\system32\drivers\portcls.sys
0x90633000 \SystemRoot\system32\drivers\drmk.sys
0x90658000 \SystemRoot\system32\drivers\nvhda32v.sys
0x90666000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9066F000 \SystemRoot\System32\Drivers\Null.SYS
0x90676000 \SystemRoot\System32\Drivers\Beep.SYS
0x9067D000 \SystemRoot\system32\drivers\MTictwl.sys
0x9068A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90691000 \SystemRoot\System32\drivers\vga.sys
0x9069D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x906BE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x906C6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x906CE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x906D9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x906E7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x906F0000 \SystemRoot\System32\drivers\tcpip.sys
0x907DA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8FFC2000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8FFE9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FF12000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B37F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B3B1000 \SystemRoot\system32\drivers\afd.sys
0x8AFCB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8AFE1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x83743000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x83756000 \SystemRoot\System32\DRIVERS\ui11rdr.sys
0x8379E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x907F5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x837DA000 \SystemRoot\System32\Drivers\dfsc.sys
0x90C03000 \SystemRoot\system32\drivers\mfeavfk.sys
0x90C72000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90C7F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x90D4F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x994A0000 \SystemRoot\System32\win32k.sys
0x90D66000 \SystemRoot\System32\drivers\Dxapi.sys
0x90D70000 \SystemRoot\System32\Drivers\StkCMini.sys
0x9B80B000 \SystemRoot\System32\Drivers\StkCPipe.sys
0x9C461000 \SystemRoot\System32\Drivers\StkCSF.sys
0x9C490000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9C49F000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9C4AC000 \SystemRoot\System32\Drivers\bthport.sys
0x9C52C000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x9C555000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x9C55F000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x9C579000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x9C588000 \SystemRoot\system32\drivers\modem.sys
0x9C595000 \SystemRoot\system32\drivers\btwavdt.sys
0x9C5FC000 \SystemRoot\system32\drivers\btwaudio.sys
0x9C67C000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x9C67F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x996C0000 \SystemRoot\System32\TSDDD.dll
0x996E0000 \SystemRoot\System32\cdd.dll
0x9C68F000 \SystemRoot\system32\drivers\luafv.sys
0x9C6AA000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x9C6B2000 \SystemRoot\system32\drivers\spsys.sys
0x9C762000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C772000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C79C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C7A6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C7B9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9C7CE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x90EBC000 \SystemRoot\system32\drivers\HTTP.sys
0x9C7E0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x90F29000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90F42000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90F57000 \SystemRoot\system32\drivers\mrxdav.sys
0x90F78000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x90F97000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x90FD0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8B1C3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8B1EB000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7009000 \SystemRoot\system32\drivers\peauth.sys
0xA70E7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA70F1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA712D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76DB0000 \Windows\System32\ntdll.dll

Processes (total 90):
0 System Idle Process
4 System
580 C:\Windows\System32\smss.exe
712 csrss.exe
776 C:\Windows\System32\wininit.exe
788 csrss.exe
820 C:\Windows\System32\services.exe
840 C:\Windows\System32\lsass.exe
848 C:\Windows\System32\lsm.exe
992 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\nvvsvc.exe
1068 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\winlogon.exe
1332 C:\Windows\System32\audiodg.exe
1376 C:\Windows\System32\SLsvc.exe
1440 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\rundll32.exe
1652 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\dwm.exe
1972 C:\Windows\explorer.exe
2036 C:\Windows\System32\taskeng.exe
332 C:\Windows\System32\spoolsv.exe
420 C:\Windows\System32\svchost.exe
424 WUDFHost.exe
688 C:\Windows\System32\taskeng.exe
1684 C:\Windows\System32\rundll32.exe
1752 C:\Windows\RtHDVCpl.exe
1944 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1720 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
772 C:\Windows\System32\taskeng.exe
672 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
548 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2084 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
2264 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2296 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
2304 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
2368 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2752 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
2760 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
2768 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
2776 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
2872 C:\Windows\System32\svchost.exe
2884 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2896 C:\Windows\System32\bgsvcgen.exe
2908 C:\Windows\System32\svchost.exe
2948 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
3008 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3016 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3100 C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
3156 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe.85b2.deleteme
3240 C:\Program Files\Nero\Update\NASvc.exe
3264 C:\Program Files\Windows Sidebar\sidebar.exe
3272 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3304 C:\Windows\ehome\ehtray.exe
3336 C:\Windows\System32\IoctlSvc.exe
3360 C:\Program Files\Windows Media Player\wmpnscfg.exe
3380 C:\Windows\System32\svchost.exe
3408 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3436 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3548 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3564 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3572 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3604 C:\Windows\System32\svchost.exe
3640 C:\Windows\System32\StkCSrv.exe
3652 C:\Program Files\MagicTune Premium\GammaTray.exe
3664 C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
3700 C:\Windows\System32\svchost.exe
3760 C:\Windows\System32\SearchIndexer.exe
3772 C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
3860 C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
3868 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe.3126.deleteme
1060 C:\Windows\ehome\ehmsas.exe
2744 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
3512 taskeng.exe
5452 C:\Program Files\Windows Media Player\wmpnetwk.exe
5776 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3904 C:\Program Files\McAfee\MSM\McSmtFwk.exe
5552 C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
5028 C:\Windows\System32\svchost.exe
4180 C:\Windows\System32\conime.exe
2112 C:\Program Files\Mozilla Firefox\firefox.exe
4816 C:\Windows\System32\notepad.exe
5024 C:\Windows\System32\wermgr.exe
3428 C:\Windows\explorer.exe
876 dllhost.exe
1368 dllhost.exe
5816 C:\Users\aidualc\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 00000009

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 02.02.2011 20:05
Zitat:
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2
Hast Du noch andere Betriebssysteme außer Vista installiert?

Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

aomira 02.02.2011 23:04
Ja, hat problemlos geklappt :crazy:

Und nu?

cosinus 03.02.2011 00:00
Dann jetzt ein neues Log mit MBRCheck machen :)

aomira 03.02.2011 09:02
Guten Morgen!

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: Q210/P210
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 157):
0x82848000 \SystemRoot\system32\ntoskrnl.exe
0x82815000 \SystemRoot\system32\hal.dll
0x8340F000 \SystemRoot\system32\kdcom.dll
0x83416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83486000 \SystemRoot\system32\PSHED.dll
0x83497000 \SystemRoot\system32\BOOTVID.dll
0x8349F000 \SystemRoot\system32\CLFS.SYS
0x834E0000 \SystemRoot\system32\CI.dll
0x835C0000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8363C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83649000 \SystemRoot\system32\drivers\acpi.sys
0x8368F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x83698000 \SystemRoot\system32\drivers\msisadrv.sys
0x836A0000 \SystemRoot\system32\drivers\pci.sys
0x836C7000 \SystemRoot\System32\drivers\partmgr.sys
0x836D6000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x836D9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x836E3000 \SystemRoot\system32\drivers\volmgr.sys
0x836F2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8373C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AC08000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8ACD8000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x8AD20000 \SystemRoot\system32\drivers\atapi.sys
0x8AD28000 \SystemRoot\system32\drivers\ataport.SYS
0x8AD46000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AD78000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AD88000 \SystemRoot\system32\drivers\mfehidk.sys
0x8ADE5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE56000 \SystemRoot\system32\drivers\ndis.sys
0x8AF61000 \SystemRoot\system32\drivers\msrpc.sys
0x8AF8C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B00D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B11D000 \SystemRoot\system32\drivers\volsnap.sys
0x8B156000 \SystemRoot\System32\Drivers\spldr.sys
0x8B15E000 \SystemRoot\System32\Drivers\mup.sys
0x8B16D000 \SystemRoot\System32\drivers\ecache.sys
0x8B194000 \SystemRoot\system32\drivers\disk.sys
0x8B1A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B1C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B2AC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B2B7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EC06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F339000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F3DA000 \SystemRoot\System32\drivers\watchdog.sys
0x8F3E6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B2C0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F3F1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B2FE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F40A000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F533000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8F57F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F583000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F596000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F5A1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F5CF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F5D1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F5DC000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x8F5E5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F5FD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F60C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F63B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F67C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F687000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F69E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F6A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F6CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F6DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F6EF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F704000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F73B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F73D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F767000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F771000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F77E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F7B3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FC0F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FE0F000 \SystemRoot\system32\drivers\portcls.sys
0x8FE3C000 \SystemRoot\system32\drivers\drmk.sys
0x8FE61000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8FE6F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FE78000 \SystemRoot\System32\Drivers\Null.SYS
0x8FE7F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FE86000 \SystemRoot\system32\drivers\MTictwl.sys
0x8FE93000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FE9A000 \SystemRoot\System32\drivers\vga.sys
0x8FEA6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FEC7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FECF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FED7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FEE2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FEF0000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FEF9000 \SystemRoot\System32\drivers\tcpip.sys
0x8FFE3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F7C4000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8F714000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F7EB000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B38B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8374C000 \SystemRoot\system32\drivers\afd.sys
0x8B3BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x8F72A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B3D3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x83794000 \SystemRoot\System32\DRIVERS\ui11rdr.sys
0x90000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9003C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90046000 \SystemRoot\System32\Drivers\dfsc.sys
0x9005D000 \SystemRoot\system32\drivers\mfeavfk.sys
0x90081000 \SystemRoot\system32\drivers\mfefirek.sys
0x900CC000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x900D9000 \SystemRoot\System32\Drivers\bthport.sys
0x90159000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x90182000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x9018C000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x901A6000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x901B5000 \SystemRoot\system32\drivers\modem.sys
0x901C2000 \SystemRoot\system32\drivers\btwavdt.sys
0x90229000 \SystemRoot\system32\drivers\btwaudio.sys
0x902A9000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x902AC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x902BC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91402000 \SystemRoot\System32\Drivers\StkCMini.sys
0x9180F000 \SystemRoot\System32\Drivers\StkCPipe.sys
0x92465000 \SystemRoot\System32\Drivers\StkCSF.sys
0x92494000 \SystemRoot\System32\Drivers\crashdmp.sys
0x924A1000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x984E0000 \SystemRoot\System32\win32k.sys
0x92571000 \SystemRoot\System32\drivers\Dxapi.sys
0x9257B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98700000 \SystemRoot\System32\TSDDD.dll
0x98720000 \SystemRoot\System32\cdd.dll
0x9258A000 \SystemRoot\system32\drivers\luafv.sys
0x925A5000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x925AD000 \SystemRoot\system32\drivers\spsys.sys
0x9265D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9266D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x92697000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x926A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x926B4000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x926C9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x926DB000 \SystemRoot\system32\drivers\HTTP.sys
0x92748000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x92765000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9277E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x92793000 \SystemRoot\system32\drivers\mrxdav.sys
0x927B4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9154E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x927D3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x91587000 \SystemRoot\System32\DRIVERS\srv2.sys
0x915AF000 \SystemRoot\System32\DRIVERS\srv.sys
0x91615000 \SystemRoot\system32\drivers\peauth.sys
0x927EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x91800000 \SystemRoot\System32\drivers\tcpipreg.sys
0x91717000 \SystemRoot\system32\drivers\cfwids.sys
0x91739000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9174F000 \SystemRoot\system32\drivers\mfeapfk.sys
0x927F5000 \SystemRoot\system32\drivers\mfebopk.sys
0x77220000 \Windows\System32\ntdll.dll

Processes (total 83):
0 System Idle Process
4 System
556 C:\Windows\System32\smss.exe
644 csrss.exe
696 C:\Windows\System32\wininit.exe
708 csrss.exe
740 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
760 C:\Windows\System32\lsm.exe
916 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\nvvsvc.exe
988 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\audiodg.exe
1228 C:\Windows\System32\SLsvc.exe
1252 C:\Windows\System32\winlogon.exe
1300 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\rundll32.exe
1872 C:\Windows\System32\dwm.exe
1888 C:\Windows\explorer.exe
2000 C:\Windows\System32\taskeng.exe
2008 C:\Windows\System32\spoolsv.exe
2044 C:\Windows\System32\svchost.exe
304 WUDFHost.exe
620 C:\Windows\System32\taskeng.exe
1524 C:\Windows\System32\taskeng.exe
1772 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
616 C:\Windows\System32\svchost.exe
1448 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2092 C:\Windows\System32\bgsvcgen.exe
2120 C:\Windows\System32\rundll32.exe
2128 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2152 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
2160 C:\Windows\System32\svchost.exe
2216 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2224 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
2320 C:\Windows\RtHDVCpl.exe
2376 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2396 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2408 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2488 C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
2560 C:\Windows\System32\mfevtps.exe
2580 C:\Program Files\Nero\Update\NASvc.exe
2648 C:\Windows\System32\IoctlSvc.exe
2672 C:\Windows\System32\svchost.exe
2692 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2728 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2808 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2832 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2856 C:\Windows\System32\svchost.exe
2868 C:\Windows\System32\StkCSrv.exe
2936 C:\Windows\System32\svchost.exe
3036 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3096 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3228 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
3352 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
3576 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
3672 C:\Program Files\McAfee.com\Agent\mcagent.exe
3680 C:\Program Files\Windows Sidebar\sidebar.exe
3692 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3700 C:\Windows\ehome\ehtray.exe
3712 C:\Program Files\Windows Media Player\wmpnscfg.exe
3720 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4052 C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
4088 C:\Windows\ehome\ehmsas.exe
1388 C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
816 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
2068 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
392 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
1996 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
2032 C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
4284 taskeng.exe
5200 C:\Program Files\Windows Media Player\wmpnetwk.exe
5580 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5328 C:\Program Files\Mozilla Firefox\firefox.exe
3248 <unknown>
4384 dllhost.exe
1864 dllhost.exe
4916 C:\Users\aidualc\Desktop\MBRCheck.exe
4548 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 00000009

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
Hier also das neue Logfile.

Ich muss mal eben zwischendurch sagen, dass ich echt dankbar bin, dass Menschen wie du sich mit Menschen wie mir und ihrem Ungeziefer die Nächte um die Ohren schlagen!!! :dankeschoen:

cosinus 03.02.2011 12:21
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

aomira 03.02.2011 16:06
Darf ich womöglich langsam anfangen, mich zu freuen?

Malwarebytes:
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5666

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.02.2011 14:23:35
mbam-log-2011-02-03 (14-23-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 273690
Laufzeit: 1 Stunde(n), 21 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
SUPERAntiSpyware:
Zitat:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 02/03/2011 bei 04:02 PM

Version der Applikation : 4.48.1000

Version der Kern-Datenbank : 6331
Version der Spur-Datenbank : 4143

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:30:08

Gescannte Speicherelemente : 773
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 10172
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 131037
Erfasste Datei-Elemente : 0

aomira 03.02.2011 17:56
Ach so - falls mein Rechner jetzt wirklich sauber ist: gibst du mir noch ein paar Tipps, ihn sicherer zu machen (damit ich dich hier nicht so bald wieder beschäftigen muss)?

cosinus 03.02.2011 19:37
So keine Funde. Wieder alles ok?

Zitat:
gibst du mir noch ein paar Tipps, ihn sicherer zu machen (damit ich dich hier nicht so bald wieder beschäftigen muss)?
Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

aomira 04.02.2011 14:10
Mmmh, bin noch nicht ganz sicher - habe mich gerade zum ersten Mal wieder auf die Bankseite getraut und komme da im Augenblick nicht rein, muss aber erstmal checken, ob das überhaupt an diesem Rechner liegt.

Ich kümmere mich und sage dann nochmal Bescheid, ob alles klar ist!

aomira 10.02.2011 12:50
Hallo Arne,

meine Bank versucht nun schon seit einer Woche vergeblich, mein Online-Banking wieder freizuschalten, aber das ist alles nicht mehr euer Problem.

Mein Rechner verhält sich brav, ich danke dir sehr sehr sehr und werde auch eurer Spendenkonto bedenken, sofern ich jemals wieder in der Lage bin, eine Überweisung zu tätigen ;-)

Herzliche Grüße, ich hoffe, ich muss euch nicht so bald wieder eure Zeit rauben!
aomira

cosinus 10.02.2011 13:32
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27