More frequent crashes of the system and of the host process

#1
19.12.2010, 15:55
...new here

Posts: 7

Hello everyone,

For about a week now the Host Process for Windows Services has been crashing more often. On top of that, for the first time in several years I have had blue screens again (caused by iastor.sys).

Also, I cannot open the Windows Update pages, and opening Google took a very long time. Google now works normally again, but system startup is still very slow.

I have already run a full system scan with AntiVir, Microsoft Security Essentials and other online scanners. They found a virus named Java/OpenConnect.CF and TR/Kazy*. These files were moved to quarantine or removed. The problems are still there, though.

I would appreciate your help. Thanks in advance.
19.12.2010, 16:00
...new here

Thread starter

Posts: 7

#2 Logs from OTL:

OTL.log

OTL logfile created on: 19.12.2010 15:33:14 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 86,97 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 114,91 Gb Free Space | 79,80% Space Free | Partition Type: NTFS

Computer Name: CS | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SipIMNDI) -- C:\Windows\System32\DRIVERS\SipIMNDI.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys File not found
DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys File not found
DRV - (ADDMEM) -- C:\Users\CHRIST~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.studivz.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.63
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.18 22:58:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.18 22:58:02 | 000,000,000 | ---D | M]

[2010.12.18 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2010.12.19 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\td7sl4r4.default\extensions
[2010.12.19 13:46:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\td7sl4r4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.18 20:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\td7sl4r4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.12.18 12:11:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292763704009 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.19 15:31:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2010.12.19 14:04:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2416400)
[2010.12.18 23:10:05 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2010.12.18 22:12:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2010.12.18 22:10:55 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.12.18 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.12.18 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\QuickScan
[2010.12.18 20:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.12.18 17:06:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Tygeb
[2010.12.18 17:01:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.12.18 17:01:33 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.12.18 12:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.12.17 23:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.17 23:19:01 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Documents\Simply Super Software
[2010.12.17 13:00:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.15 10:09:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 10:09:37 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 10:09:36 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 10:09:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 10:09:34 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 10:09:32 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 10:09:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 10:09:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 10:09:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 10:09:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 10:09:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 10:09:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 10:09:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 10:09:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 10:09:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 10:09:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 10:09:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 10:09:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 10:09:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 10:09:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 10:09:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 10:09:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 10:09:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 10:09:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 10:09:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 10:09:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 13:55:21 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.11.29 23:29:50 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2010.11.29 23:29:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 23:29:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.29 23:29:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.29 23:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.29 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira
[2010.11.29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

========== Files - Modified Within 30 Days ==========

[2010.12.19 15:32:04 | 000,078,199 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.19 15:31:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2010.12.19 15:27:34 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.19 15:27:34 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.19 15:27:34 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.19 15:27:34 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.19 15:22:09 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.19 15:22:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.12.19 15:22:09 | 000,000,388 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.12.19 15:01:01 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.19 15:01:00 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.19 15:00:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.19 14:59:59 | 3215,556,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.19 14:59:57 | 326,343,464 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.19 14:22:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.19 14:04:54 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.19 09:44:44 | 017,622,016 | ---- | M] () -- C:\Users\Christoph\Documents\Comunio_2010_2011 CS.xls
[2010.12.19 09:23:25 | 000,078,199 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.18 12:55:54 | 017,602,560 | ---- | M] () -- C:\Users\Christoph\Documents\Kopie von Comunio_2010_2011 CS.xls
[2010.12.18 12:51:55 | 017,601,024 | ---- | M] () -- C:\Users\Christoph\Documents\Sicherungskopie von Comunio_2010_2011 CS.xlk
[2010.12.17 12:05:40 | 000,370,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.16 17:57:52 | 000,050,088 | ---- | M] () -- C:\Users\Christoph\Desktop\Dok3.docx
[2010.12.08 11:22:24 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.02 07:22:47 | 000,009,502 | ---- | M] () -- C:\Users\Christoph\Documents\Note.xlsx
[2010.11.30 09:23:08 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.11.29 23:37:46 | 011,419,648 | ---- | M] () -- C:\Users\Christoph\Documents\2E978000
[2010.11.29 23:29:44 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.11.24 20:30:30 | 000,013,824 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 21:55:20 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010.12.19 13:25:04 | 326,343,464 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.18 10:18:18 | 000,000,065 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\AcroIEHelpe.txt
[2010.12.16 17:52:41 | 000,050,088 | ---- | C] () -- C:\Users\Christoph\Desktop\Dok3.docx
[2010.12.16 17:28:05 | 000,000,388 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2010.11.30 09:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.29 23:37:45 | 011,419,648 | ---- | C] () -- C:\Users\Christoph\Documents\2E978000
[2010.11.29 23:29:44 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.29 17:15:18 | 000,000,036 | ---- | C] () -- C:\Users\Christoph\AppData\Local\housecall.guid.cache
[2010.06.20 19:55:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009.12.18 21:05:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.12.18 21:05:17 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.18 21:04:39 | 000,002,006 | ---- | C] () -- \aqua_bitmap.cpp
[2009.09.24 18:50:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008.10.09 11:50:47 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2008.10.03 17:37:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.03 17:18:32 | 000,024,206 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\UserTile.png
[2008.09.23 14:34:10 | 000,013,824 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.08 10:03:06 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008.09.08 10:03:06 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008.06.26 12:26:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.25 22:03:28 | 3529,375,744 | -HS- | C] () --
[2008.06.25 07:13:55 | 3215,556,608 | -HS- | C] () --
[2008.06.25 06:48:51 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.06.25 06:30:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.06.25 06:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.06.25 06:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.06.25 06:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.06.25 06:14:58 | 000,000,366 | ---- | C] () -- \RHDSetup.log
[2008.06.25 06:13:02 | 000,000,086 | ---- | C] () -- \Setup.log
[2008.02.08 10:31:21 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.02.08 10:31:19 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009.03.11 18:39:44 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canneverbe_Limited
[2009.03.22 13:17:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DeepBurner
[2010.07.27 16:53:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.10 22:54:47 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Fit3DLive
[2009.12.04 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\GARMIN
[2010.12.19 15:32:12 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2009.12.18 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PC Suite
[2008.10.03 17:18:31 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PeerNetworking
[2010.12.18 20:54:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\QuickScan
[2010.09.20 08:54:57 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ROUTE 66 Sync
[2009.12.18 18:04:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Safer Networking
[2010.02.08 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Samsung
[2008.11.20 09:45:39 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\temp
[2010.12.18 17:07:23 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Tygeb
[2010.12.19 15:21:06 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.19 15:22:09 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Extras.log

OTL Extras logfile created on: 19.12.2010 15:33:14 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 86,97 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 114,91 Gb Free Space | 79,80% Space Free | Partition Type: NTFS

Computer Name: CS | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BBEB53-02B7-46BB-80B5-FC89944DF63C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{07C80AE5-AD30-4EAA-8F2D-E292159016DC}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system |
"{186057B3-832B-4C0A-942C-67718ED74C29}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2C10FD39-7F48-4C4B-9F29-560B3656F5FF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system |
"{44BE61F2-EDA6-4B4F-88C8-019FAF40F38E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D66085E-1BD5-4B5C-822F-EC650BB405BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6434D0AB-71AE-4FA4-99D9-A42F7C2A5CC1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77F9A9D8-4B54-4555-8C91-2B02D044A6A0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{96FF05F0-1E82-4D6A-9EF0-8174D5603070}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2C804F8-5AF9-4F4C-9648-8180417DB0C8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{BFBE7D0D-0E9F-4849-AA86-CB9CFA61FB30}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C237F4E6-D45C-4C31-9BE4-9525F637D137}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C3C7A3B6-F4A0-46B6-B8E4-7C343A0E6074}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9CCEB5C-2ACE-465A-B389-062F7E1D21F2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CE604CB4-3E53-4978-AB06-9F5AE57A7AA1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D0EDC48B-DB3F-4544-B5F9-A0F3B8D7E618}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{DDC2072C-E53A-4C1E-9199-EB3282A97891}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E9231012-BCA5-4BDD-9C99-83059266001F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system |
"{FEBD47A5-9F25-48E4-A20F-69CA2F6F9308}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12CB39AB-3DB3-40AB-9D73-4E4C223AA59E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{13C6FAC5-7FF6-45D8-8969-CFA2A25FB105}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1D7302E3-DB13-4D3B-AADE-1F49E957091C}" = protocol=17 | dir=in | app=c:\program files\konz\focus-money\konzsteuersoftware.exe |
"{1F458807-35B1-464F-A817-65D225127AE9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F685E04-7430-404D-B73B-C85B380FD9DC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F9FC0C0-2E1B-4640-AA45-93CE80508062}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{29226A21-8959-4FF7-AFC9-C8C2B1B4C611}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D2ADF53-D9B5-4FA8-8241-7BAF8F4731DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3261315E-DE3D-43AA-BD5E-912CD89F5F89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{416C4D4C-D509-4312-A700-22790C133D25}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{42B5CDE1-A8EE-43AF-BD15-C7E613243367}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{445EB899-1E24-4156-A69D-C0192978E8F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{446ED349-CC45-429D-82C1-56B7A28CC391}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{44838B93-397C-4287-A38B-9F0F167D94FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{465F6FE7-7284-4269-BFD5-813E6126C57E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A63BF0E-B90C-47EA-9BBC-025D2828544D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4BF75E5A-B936-4831-BA15-A0F1903C3321}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{54556A9B-2FD9-44C5-9757-FFA49439B732}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{54FC9B81-4F96-45F2-B8BF-5641C464D152}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5601C12D-EB6B-44BC-9D7D-8F0AA2C3D2BB}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{56E587F7-B30F-475D-AF1D-CE66A0FA9729}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{57AF50AE-6B9C-4758-8F69-B19ED76E661C}" = protocol=6 | dir=in | app=c:\program files\konz\focus-money\konzsteuersoftware.exe |
"{59C4DE04-2D4D-4399-8F13-E51CA106F878}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A37E396-E936-4478-BA14-21AB69C5E736}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5EEBB47F-6545-449C-B992-DD9C643DDFDD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{6FC7D064-3968-438D-B195-9DD0531545BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{765F0A4F-C3C5-492F-87B2-AB043C90598D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{76CC4428-E95E-48AC-B31E-013081431423}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7C9EB5CF-2740-4D92-920A-46155C842834}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{81CD10CD-26AF-441D-B1A6-E645AC30C835}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8479BB6E-7602-46C3-B10F-6A98CE654B8C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8709DA3C-C600-419C-935A-16E289ED7513}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{89D62246-6371-419E-A50B-A3F8BC153A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8B0AAE0D-C2AD-441A-9B48-C7817C7ABE60}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F3E33F4-844F-4BDA-B6FE-F7DEACFB4BAD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{92F2E679-7B25-4157-8128-8D60D1BCE291}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9695325A-B26F-441A-89F7-CD4EEEE9E6C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97CF5F05-FB95-452F-8BEA-06829472A547}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9F8F9D31-88D9-443D-B912-0EFB234225F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3572F52-D9CD-4ED0-9F6B-A9841DB14EA8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A72FC73E-1FE3-4671-A487-04C7F8786EC4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A76E9744-EB16-4277-8852-141BE5C18FFC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A794E2B9-F001-4164-AB7A-DDA926FD8B60}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B1DF57A8-556B-4E50-9680-526B466B2BA1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BA5B2731-392A-4DFD-A062-AC6CF6FFD4C8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BA7DC72A-C683-4FF3-8F05-61E2A7EE5C48}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BC7D020E-9F2F-4B99-B7A4-1C7F3D2937C3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BDA90668-816C-4009-99D5-AD4727C227F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1965459-C0FE-43F9-B3E4-95393BFA8245}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE2B933D-3832-4F85-BF26-EBD531DDCC2A}" = protocol=6 | dir=in | app=c:\program files\konz\focus-money\ep_konz.exe |
"{D8525B8A-EE1C-4945-BE25-090C509080D6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DDF1DC1A-11A6-42FE-B44D-1113982776A3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF2A6DE0-C30B-40E5-BC56-F909A04200FD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E07D0B3C-FBA6-4FF9-B276-1B4F3B1722B9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E1E10F8A-86FA-4C2D-A45A-75209ED1D7E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC02F637-2858-48CE-A05D-076445488434}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ED939D7A-8C25-4B54-9C34-51F9DCBAA62C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{ED9F88B6-AA65-4040-8A2D-D6501A59CE66}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EEC0A45B-F4BC-4ED7-888F-FB727523277C}" = protocol=17 | dir=in | app=c:\program files\konz\focus-money\ep_konz.exe |
"{F1259967-1E0D-49EC-83CF-D01D6EF0E102}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F40C9E27-8637-4ABB-8DCE-75289F76A0B6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F8D5E3BD-3C0A-47B0-A6B3-2F5D9A77D408}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FAA0CA2C-0A7C-4EED-9F89-37F509CB67A0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FEE04928-5E8B-45D0-8BA7-9130E4CF886E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{09E9A041-822C-4678-8136-F4051BA68F08}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{108A0009-90A1-4C10-92EE-B75B017B4F6A}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{2FF790CF-879F-4A5C-9833-092175E22E5E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{31D2C267-A46D-4304-93D3-22F1A011939C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{3499307D-F89C-4EE2-A51A-5A509DB6BD2F}C:\program files\route 66\route 66 sync\sync9loader.exe" = protocol=6 | dir=in | app=c:\program files\route 66\route 66 sync\sync9loader.exe |
"TCP Query User{4972F2E9-9EB1-4232-B4D9-72A4F433F3BC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{BDB7C3C2-5BB4-452A-8EA8-DAECF0A9D045}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe |
"TCP Query User{EEDB491E-0B3A-40F8-8E43-41BCB0478026}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1875A7C8-7D89-4D28-9E8B-760D6EC26102}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{2F923B68-BAF3-485E-86C5-C421CAE610E6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{72752AB4-64E5-4E10-9C4E-FDF1EFB30417}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{79C5A1C8-5102-45A1-9A14-F49A10F1F91A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{818E54E5-AB73-428F-BEFC-AEE3EFB7480B}C:\program files\route 66\route 66 sync\sync9loader.exe" = protocol=17 | dir=in | app=c:\program files\route 66\route 66 sync\sync9loader.exe |
"UDP Query User{93C684DB-3636-4DBE-A279-E6CD6EC829A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AD5EB39B-4582-440C-9D61-248C95323EA6}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe |
"UDP Query User{B62F8EA5-D6B8-44A2-9A94-9BCFDF760C88}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1D6721B-9C28-4E3F-9DE1-C6584B99465D}" = Intel(R) PROSet/Wireless WiFi-Software
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB306600-E862-43B3-9C52-CA1D6C5B192B}" = ROUTE 66 Sync
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin" = bwin Poker (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"InstallShield_{DB306600-E862-43B3-9C52-CA1D6C5B192B}" = ROUTE 66 Sync
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinRAR archiver" = WinRAR archiver

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 19.10.2009 14:39:33 | Computer Name = CS | Source = WinMgmt | ID = 10
Description =

Error - 19.10.2009 14:44:01 | Computer Name = CS | Source = Windows Search Service | ID = 3013
Description =

Error - 20.10.2009 01:11:21 | Computer Name = CS | Source = WinMgmt | ID = 10
Description =

Error - 20.10.2009 07:39:11 | Computer Name = CS | Source = WinMgmt | ID = 10
Description =

Error - 20.10.2009 08:37:49 | Computer Name = CS | Source = Windows Search Service | ID = 3013
Description =

Error - 20.10.2009 08:49:01 | Computer Name = CS | Source = Windows Search Service | ID = 3013
Description =

Error - 20.10.2009 08:49:01 | Computer Name = CS | Source = Windows Search Service | ID = 3013
Description =

Error - 20.10.2009 08:49:01 | Computer Name = CS | Source = Windows Search Service | ID = 3013
Description =

Error - 20.10.2009 09:48:23 | Computer Name = CS | Source = Windows Search Service | ID = 3013
Description =

Error - 21.10.2009 01:57:37 | Computer Name = CS | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 13.07.2010 16:03:20 | Computer Name = CS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 11280
seconds with 120 seconds of active time.  This session ended with a crash.

Error - 05.11.2010 15:50:34 | Computer Name = CS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10310
seconds with 660 seconds of active time.  This session ended with a crash.

Error - 17.12.2010 12:19:06 | Computer Name = CS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6566
seconds with 60 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 19.12.2010 09:32:31 | Computer Name = CS | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.12.2010 um 14:30:48 unerwartet heruntergefahren.

Error - 19.12.2010 09:33:26 | Computer Name = CS | Source = Service Control Manager | ID = 7000
Description =

Error - 19.12.2010 09:33:49 | Computer Name = CS | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode:
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

Error - 19.12.2010 09:35:58 | Computer Name = CS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 19.12.2010 10:00:08 | Computer Name = CS | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.12.2010 um 14:58:19 unerwartet heruntergefahren.

Error - 19.12.2010 10:01:14 | Computer Name = CS | Source = Service Control Manager | ID = 7000
Description =

Error - 19.12.2010 10:04:05 | Computer Name = CS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 19.12.2010 10:22:37 | Computer Name = CS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 19.12.2010 10:23:07 | Computer Name = CS | Source = Service Control Manager | ID = 7032
Description =

Error - 19.12.2010 10:23:07 | Computer Name = CS | Source = Service Control Manager | ID = 7032
Description =


< End of report >
Gmer Log

Code

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-19 15:47:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.LV01
Running: gr7u2j5d.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pxldqpow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  sector 00 (MBR): rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 01: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 03: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 04: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sectors 625142192 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device  \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK3252GSX_______________________LV011E__#4&1f68091a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- EOF - GMER 1.0.15 ----
19.12.2010, 22:43
Moderator

Posts: 5694
#3 Step 1

Disable TeaTimer

With the TeaTimer of Spybot Search&Destroy running, no cleanup can be carried out, because it restores every deleted entry. TeaTimer must therefore be switched off during the cleanup work (leave TeaTimer switched off until we are finished with the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.

Step 2

I see you have Malwarebytes. Did you scan with it, and was anything found?

Step 3

ESET Online Scanner

Please switch on any external hard drives you have during the online scan! Please
disable all background guards (anti-virus program, firewall, script blocking
and the like) during the scan, and do not forget to switch everything back on afterwards.

Note for Vista and Win7 users: be sure to start the browser as administrator.
• Disable your anti-virus program during the scan.
• Press the button.
Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: you must allow the installation of an ActiveX control.
• Tick the box at "Yes, I accept the Terms of Use".
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press the button.
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Locate C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your text editor.
• Post the log file here.
20.12.2010, 16:40
...new here

Thread starter

Posts: 7
#4 Thanks for the quick reply.
I have completed the individual steps. The results follow below.

Step 2: Malwarebytes scan
Since I did not see the log file from 17.12. at first, I ran another scan. During the full scan I got a blue screen twice, so I first did a quick scan and then a full scan. After that I found the result from 17.12. - it was this: C:\Users\Christoph\AppData\Local\Temp\0.9154218856040218.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Otherwise nothing was found.

Today's results:

Quick scan:

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

20.12.2010 13:19:24
mbam-log-2010-12-20 (13-19-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150460
Laufzeit: 8 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hwefutiyayiyoh (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdidomurediqatar (Trojan.Agent.U) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdidomurediqatar (Trojan.Agent.U) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\config\systemprofile\AppData\Local\psvrents.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\update.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ewewibiq.dll (Trojan.Agent.U) -> Delete on reboot.
Result of the full scan after the reboot:

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

20.12.2010 14:53:29
mbam-log-2010-12-20 (14-53-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 274832
Laufzeit: 1 Stunde(n), 28 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdidomurediqatar (Trojan.Agent.U) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\config\systemprofile\AppData\Local\739975.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF15SB84\.exe[1] (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.2568205231313194.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Step 3: ESET Online Scanner

Code

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=9043f2557d90384b96872369767e872c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-20 03:30:42
# local_time=2010-12-20 04:30:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 26616576 26616576 0 0
# compatibility_mode=1797 16775165 100 94 188412 29387941 187526 0
# compatibility_mode=5892 16776574 100 95 39033534 130387413 0 0
# compatibility_mode=8192 67108863 100 0 3702 3702 0 0
# scanned=134117
# found=2
# cleaned=2
# scan_time=4356
C:\Windows\Temp\gghreqCvBN.dll    Win32/Adware.HDDRescue application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Windows\Temp\vWLKdLDhCL.exe    Win32/Adware.HDDRescue application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
Many thanks in advance!
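As an added example (not part of the original post or of Malwarebytes itself): a small Python parser for the findings lines in the Malwarebytes logs quoted above. It separates registry Run-key persistence entries from dropped files, lists the entries that were only scheduled for deletion at the next boot, and reports which locations from the quick scan are reported again in the full scan after the reboot. The sample lines are copied from the two logs in this post; the class and function names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Findings lines copied from the two Malwarebytes logs posted above (quick scan,
# then the full scan after the reboot); the summary counters are left out.
QUICK_SCAN_LOG = r"""
Infizierte Registrierungswerte:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hwefutiyayiyoh (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdidomurediqatar (Trojan.Agent.U) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdidomurediqatar (Trojan.Agent.U) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\config\systemprofile\AppData\Local\psvrents.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\update.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ewewibiq.dll (Trojan.Agent.U) -> Delete on reboot.
"""

FULL_SCAN_LOG = r"""
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdidomurediqatar (Trojan.Agent.U) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\config\systemprofile\AppData\Local\739975.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF15SB84\.exe[1] (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.2568205231313194.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# One findings line as Malwarebytes 1.46 writes it: "<location> (<name>) -> <action>."
FINDING_RE = re.compile(r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

REGISTRY_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT")


@dataclass
class Finding:
    location: str   # registry value path or file path
    threat: str     # detection name, e.g. Trojan.Hiloti.Gen
    action: str     # what Malwarebytes did, e.g. "Delete on reboot"

    @property
    def kind(self) -> str:
        return "registry" if self.location.upper().startswith(REGISTRY_HIVES) else "file"

    @property
    def is_autostart(self) -> bool:
        # Values under CurrentVersion\Run are started at every logon: the persistence
        # entries that bring the dropped DLLs back after a reboot.
        return self.kind == "registry" and "\\currentversion\\run\\" in self.location.lower()

    @property
    def pending_reboot(self) -> bool:
        # The file or value was in use, so removal is only scheduled for the next boot.
        return self.action.lower().startswith("delete on reboot")

    @property
    def family(self) -> str:
        # "Trojan.Hiloti.Gen" and "Trojan.Hiloti" belong to the same family.
        return ".".join(self.threat.split(".")[:2])


def parse_mbam_log(text: str) -> list[Finding]:
    """Return one Finding per detection line; section headers and counters are skipped."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["location"], m["threat"], m["action"]))
    return findings


def pending_after_reboot(findings: list[Finding]) -> list[str]:
    """Locations that were not removed yet and need a rescan after the restart."""
    return [f.location for f in findings if f.pending_reboot]


def reappeared(before: list[Finding], after: list[Finding]) -> list[str]:
    """Locations from an earlier scan that a later scan reports again (case-insensitive)."""
    later = {f.location.lower() for f in after}
    return [f.location for f in before if f.location.lower() in later]


def summarize(findings: list[Finding]) -> dict:
    """The counts a helper looks at first: persistence entries, files, pending items, families."""
    return {
        "total": len(findings),
        "autostart": sum(1 for f in findings if f.is_autostart),
        "files": sum(1 for f in findings if f.kind == "file"),
        "pending_reboot": len(pending_after_reboot(findings)),
        "families": sorted({f.family for f in findings}),
    }


if __name__ == "__main__":
    quick = parse_mbam_log(QUICK_SCAN_LOG)
    full = parse_mbam_log(FULL_SCAN_LOG)
    print("quick scan:", summarize(quick))
    print("full scan: ", summarize(full))
    print("still reported after reboot:", reappeared(quick, full))
```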
20.12.2010, 23:42
Moderator

Posts: 5694
#5 ComboFix may only be run if a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Download ComboFix from one of the links listed below. You must rename it before saving it to the desktop. Save ComboFix to your desktop.

BleepingComputer
ForoSpyware
**NB: It is important that ComboFix.exe is saved on the desktop**

• Disable your anti-virus and anti-spyware programs. Usually you can do this with a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the prompts.
• When ComboFix is finished, it will create a log for you.
• Please post the contents of C:\ComboFix.txt here in the thread.
21.12.2010, 10:58
...new here

Thread starter

Posts: 7
#6 Unfortunately I cannot run ComboFix! I got a blue screen several times - either no file was named, or the "iaStor.sys" already mentioned above.

Once I at least got as far as the ComboFix terms; after that my notebook was "overloaded" for a while and at some point it restarted.
21.12.2010, 18:53
Moderator

Posts: 5694
#7 Custom scan with OTL

If you do not have it yet, please download OTL from OldTimer and save it to your desktop.
• Please start OTL.exe.
Vista and Win7 users: right-click and "Run as administrator".
• Now copy the following content into the text box.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the contents of OTL.txt and Extra.txt here into your thread.
21.12.2010, 19:34
...new here

Thread starter

Posts: 7
#8 Thanks for the reply.

Just now I could not even write a post here in the forum. Every time I got "Page cannot be displayed". I had to switch to another PC to write this post.

The OTL.txt is below; a file Extra.txt was not created for me?!

Code

OTL logfile created on: 21.12.2010 18:56:23 - Run 2

OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Christoph\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy


3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,09 Gb Total Space | 86,42 Gb Free Space | 59,97% Space Free | Partition Type: NTFS

Drive D: | 144,00 Gb Total Space | 114,91 Gb Free Space | 79,80% Space Free | Partition Type: NTFS


Computer Name: CS | User Name: Christoph | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)

PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)




[color=#E56717]========== Modules (SafeList) ==========[/color]


MOD - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)




[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (PEVSystemStart) -- C:\32788R22FWJFW\pev.exe ()

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()

SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)




[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - (SipIMNDI) -- C:\Windows\System32\DRIVERS\SipIMNDI.sys File not found

DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys File not found

DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys File not found

DRV - (ADDMEM) -- C:\Users\CHRIST~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS File not found

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)




[color=#E56717]========== Standard Registry (SafeList) ==========[/color]




[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.studivz.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.63

FF - prefs.js..extensions.enabledItems: {DECD4CDC-AA42-4A5D-B5FF-EE05A87BFF50}:1.9.1

FF - prefs.js..extensions.enabledItems: {960A8EAA-4705-4A58-A2DA-916D0B04DEED}:1.9.1

FF - prefs.js..network.proxy.type: 0




FF - HKLM\software\mozilla\Firefox\Extensions\\{DECD4CDC-AA42-4A5D-B5FF-EE05A87BFF50}: C:\Windows\system32\config\systemprofile\AppData\Local\{DECD4CDC-AA42-4A5D-B5FF-EE05A87BFF50}\ [2010.12.20 11:38:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.18 22:58:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.18 22:58:02 | 000,000,000 | ---D | M]


[2010.12.18 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions

[2010.12.21 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\td7sl4r4.default\extensions

[2010.12.19 13:46:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\td7sl4r4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.12.18 20:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\td7sl4r4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2010.12.18 12:11:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292763704009 (MUCatalogWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - MSh263.drv File not found

Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)


CREATERESTOREPOINT

Error creating restore point.


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2010.12.21 14:18:06 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010.12.21 14:18:06 | 000,000,000 | R--D | C] -- \32788R22FWJFW

[2010.12.21 10:45:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.12.21 10:45:42 | 000,000,000 | ---D | C] -- \Qoobox

[2010.12.20 15:16:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2010.12.20 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{960A8EAA-4705-4A58-A2DA-916D0B04DEED}

[2010.12.19 15:31:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe

[2010.12.19 14:04:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2416400)

[2010.12.18 23:10:05 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center

[2010.12.18 22:12:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client

[2010.12.18 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2010.12.18 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\QuickScan

[2010.12.18 20:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010.12.18 17:06:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Tygeb

[2010.12.18 17:01:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2010.12.18 17:01:33 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security

[2010.12.18 12:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2010.12.17 23:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010.12.17 13:00:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010.12.14 13:55:21 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime

[2010.11.29 23:29:50 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes

[2010.11.29 23:29:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.11.29 23:29:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.11.29 23:29:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.11.29 23:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.11.29 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira

[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll

[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2010.12.21 18:55:22 | 000,078,199 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.12.21 18:22:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010.12.21 17:42:44 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job

[2010.12.21 17:23:40 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.12.21 17:23:40 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.12.21 17:23:40 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.12.21 17:23:40 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.12.21 17:18:31 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010.12.21 17:18:15 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.12.21 17:18:15 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.12.21 17:17:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.12.21 17:17:36 | 3215,556,608 | -HS- | M] () -- C:\hiberfil.sys

[2010.12.21 17:17:33 | 353,807,144 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010.12.21 14:17:14 | 000,078,199 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.12.21 09:59:19 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010.12.21 09:56:12 | 003,995,649 | ---- | M] () -- C:\Users\Christoph\Desktop\Combo-Fix.exe

[2010.12.21 09:46:15 | 017,638,400 | ---- | M] () -- C:\Users\Christoph\Documents\Comunio_2010_2011 CS.xls

[2010.12.20 14:52:43 | 000,001,469 | ---- | M] () -- C:\Users\Christoph\Desktop\mbam-log-2010-12-20 (14-52-35) - 2

[2010.12.20 11:19:38 | 017,635,840 | ---- | M] () -- C:\Users\Christoph\Documents\Sicherungskopie von Comunio_2010_2011 CS.xlk

[2010.12.20 06:40:40 | 000,000,485 | ---- | M] () -- C:\Windows\System32\dmlg.dat

[2010.12.19 15:41:19 | 000,296,448 | ---- | M] () -- C:\Users\Christoph\Desktop\gr7u2j5d.exe

[2010.12.19 15:31:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe

[2010.12.18 12:55:54 | 017,602,560 | ---- | M] () -- C:\Users\Christoph\Documents\Kopie von Comunio_2010_2011 CS.xls

[2010.12.17 12:05:40 | 000,370,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.12.16 17:57:52 | 000,050,088 | ---- | M] () -- C:\Users\Christoph\Desktop\Dok3.docx

[2010.12.16 14:18:59 | 000,141,824 | ---- | M] () -- C:\Users\Christoph\Documents\bundesliga2010-2011-Christoph.xls

[2010.12.08 11:22:24 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010.12.02 07:22:47 | 000,009,502 | ---- | M] () -- C:\Users\Christoph\Documents\Note.xlsx

[2010.11.30 09:23:08 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2010.11.29 23:37:46 | 011,419,648 | ---- | M] () -- C:\Users\Christoph\Documents\2E978000

[2010.11.29 23:29:44 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.11.24 20:30:30 | 000,013,824 | ---- | M] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.22 21:55:20 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2010.12.21 09:55:56 | 003,995,649 | ---- | C] () -- C:\Users\Christoph\Desktop\Combo-Fix.exe

[2010.12.20 14:52:42 | 000,001,469 | ---- | C] () -- C:\Users\Christoph\Desktop\mbam-log-2010-12-20 (14-52-35) - 2

[2010.12.19 15:41:15 | 000,296,448 | ---- | C] () -- C:\Users\Christoph\Desktop\gr7u2j5d.exe

[2010.12.19 13:25:04 | 353,807,144 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010.12.18 10:18:18 | 000,000,065 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\AcroIEHelpe.txt

[2010.12.16 17:52:41 | 000,050,088 | ---- | C] () -- C:\Users\Christoph\Desktop\Dok3.docx

[2010.12.16 17:28:05 | 000,000,485 | ---- | C] () -- C:\Windows\System32\dmlg.dat

[2010.11.30 09:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.11.29 23:37:45 | 011,419,648 | ---- | C] () -- C:\Users\Christoph\Documents\2E978000

[2010.11.29 23:29:44 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.29 17:15:18 | 000,000,036 | ---- | C] () -- C:\Users\Christoph\AppData\Local\housecall.guid.cache

[2010.06.20 19:55:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2009.12.18 21:05:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2009.12.18 21:05:17 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2009.12.18 21:04:39 | 000,002,006 | ---- | C] () -- \aqua_bitmap.cpp

[2009.09.24 18:50:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2008.10.09 11:50:47 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat

[2008.10.03 17:37:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2008.10.03 17:18:32 | 000,024,206 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\UserTile.png

[2008.09.23 14:34:10 | 000,013,824 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.09.08 10:03:06 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS

[2008.09.08 10:03:06 | 000,000,000 | RHS- | C] () -- \IO.SYS

[2008.06.26 12:26:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.06.25 22:03:28 | 3529,375,744 | -HS- | C] () --

[2008.06.25 07:13:55 | 3215,556,608 | -HS- | C] () --

[2008.06.25 06:48:51 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini

[2008.06.25 06:30:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini

[2008.06.25 06:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini

[2008.06.25 06:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll

[2008.06.25 06:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys

[2008.06.25 06:14:58 | 000,000,366 | ---- | C] () -- \RHDSetup.log

[2008.06.25 06:13:02 | 000,000,086 | ---- | C] () -- \Setup.log

[2008.02.08 10:31:21 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK

[2008.02.08 10:31:19 | 000,333,257 | RHS- | C] () -- \bootmgr

[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll

[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006.11.02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys

[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll


[color=#E56717]========== LOP Check ==========[/color]


[2009.03.11 18:39:44 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canneverbe_Limited

[2009.03.22 13:17:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DeepBurner

[2010.07.27 16:53:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.03.10 22:54:47 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Fit3DLive

[2009.12.04 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\GARMIN

[2010.12.21 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ

[2009.12.18 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PC Suite

[2008.10.03 17:18:31 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PeerNetworking

[2010.12.18 20:54:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\QuickScan

[2010.09.20 08:54:57 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ROUTE 66 Sync

[2009.12.18 18:04:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Safer Networking

[2010.02.08 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Samsung

[2008.11.20 09:45:39 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\temp

[2010.12.18 17:07:23 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Tygeb

[2010.12.21 13:42:19 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010.12.21 17:42:44 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job


[color=#E56717]========== Purity Check ==========[/color]






[color=#E56717]========== Custom Scans ==========[/color]




[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]

[2009.12.18 21:04:39 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp

[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008.02.08 10:31:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010.12.21 17:17:36 | 3215,556,608 | -HS- | M] () -- C:\hiberfil.sys

[2008.09.08 10:03:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008.09.08 10:03:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010.12.21 17:17:34 | 3529,375,744 | -HS- | M] () -- C:\pagefile.sys

[2008.06.25 06:15:35 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log

[2008.10.08 16:41:56 | 000,000,086 | ---- | M] () -- C:\Setup.log


[color=#A23BEC]< %systemroot%\system32\*.wt >[/color]


[color=#A23BEC]< %systemroot%\system32\*.ruy >[/color]


[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]

[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009.09.24 20:06:20 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont


[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]


[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]

[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]


[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]

[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2007.04.09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll


[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]


[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]


[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]


[color=#A23BEC]< %systemroot%\*.scr >[/color]


[color=#A23BEC]< %systemroot%\*._sy >[/color]


[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]


[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]


[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]

[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]


[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll

[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll


[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]


[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV


[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\user32.dll


[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]

[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ws2_32.dll


[color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color]

[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll




[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]

[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe


[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe


[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe


[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]


[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-17 11:02:24




< End of report >
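As an added triage aid (not part of OTL and not code from anyone in this thread), the following Python script parses entries in the "Files/Folders - Created" format of the log above and lists items created in a chosen time window under AppData or System32 that carry no publisher name, as candidates for manual review rather than verdicts. The sample lines are a subset copied from the log above; the review window is an assumption.

```python
import re
from datetime import datetime

# One OTL file/folder entry (format as it appears in the log above), e.g.
#   [2010.12.18 17:01:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
# fields: timestamp | size | attribute flags | C=created / M=modified, then an
# optional "(company)", an optional MD5 note, and the path after " -- ".
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?:\[b\][^\[]*\[/b\]| MD5=[0-9A-Fa-f]{32})?"
    r" -- (?P<path>.*)$"
)

def parse_entry(line):
    """Parse one OTL entry line; returns a dict, or None for non-entry lines."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "is_dir": "D" in m.group("attrs"),
        "kind": m.group("kind"),          # "C" created or "M" modified
        # "()" and "( )" both mean OTL found no publisher name
        "company": (m.group("company") or "").strip(),
        "path": m.group("path"),
    }

def in_watched_location(path):
    """Locations where a newly created, publisher-less item deserves a look."""
    p = path.lower()
    return ("\\appdata\\roaming\\" in p or "\\appdata\\local\\" in p
            or "\\windows\\system32\\" in p)

def triage(lines, start, end):
    """Return entries created in [start, end] that carry no publisher name
    and live in a watched location. This is a review list, not a verdict:
    legitimate tools (e.g. a scanner installed during cleanup) show up too."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["kind"] != "C":
            continue
        if not (start <= e["timestamp"] <= end):
            continue
        if e["company"]:
            continue
        if in_watched_location(e["path"]):
            flagged.append(e)
    return flagged

def flagged_names(lines, start, end):
    """Base names of the flagged entries, in log order."""
    return [e["path"].rsplit("\\", 1)[-1] for e in triage(lines, start, end)]

# Sample lines copied from the OTL log posted above (constructed subset).
SAMPLE_LINES = [
    r"[2010.12.20 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{960A8EAA-4705-4A58-A2DA-916D0B04DEED}",
    r"[2010.12.18 17:06:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Tygeb",
    r"[2010.12.18 17:01:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys",
    r"[2010.12.18 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\QuickScan",
    r"[2010.11.29 23:29:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys",
    r"[2010.12.18 10:18:18 | 000,000,065 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\AcroIEHelpe.txt",
    r"[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll",
    r"[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll",
    "[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]",
]

# Assumed review window: the week before the first post (19.12.2010) up to the scan date.
WINDOW_START = datetime(2010, 12, 12)
WINDOW_END = datetime(2010, 12, 21, 23, 59, 59)

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES, WINDOW_START, WINDOW_END):
        print(e["timestamp"], "DIR " if e["is_dir"] else "FILE", e["path"])
```

Entries with a publisher name or outside the window are dropped; what remains still needs an analyst's judgement (QuickScan, for example, is a scanner the poster ran during cleanup).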
22.12.2010, 16:00
Moderator

Posts: 5694
#9 Do you still have problems?
22.12.2010, 16:53
...new here

Thread starter

Posts: 7
#10 Hello,

yes, I still have problems. As I already said yesterday, when I clicked "Create reply" here in the forum yesterday I kept getting "Page cannot be displayed". Just now I also got "Host server for Windows services has stopped working" again. And at the moment AntiVir is reporting a detection almost every minute.
23.12.2010, 17:13
...new here

Thread starter

Posts: 7
#11 Perhaps one more hint. Recently I also got an "additional TAN window" in online banking. I have just seen that my bank has also published a notice about this.

Quote

Details on the current virus
The TAN prompt described in this case is caused by a piece of malware from the Zeus family. This is malware that can be bought in the relevant Internet forums and assembled like a construction kit. From the kit, hackers can build a large number of custom-made malware variants.

Once the computer is infected, arbitrary malicious functions can be executed, since the computer is remotely controlled by the initiator of the attack. The first action is always to manipulate the installed virus scanner with the help of rootkit functions (administrator rights) in order to make the malware invisible to the scanner. That is why many virus scanners are unable to remove the malware despite updated signatures.

Even if the malware can be removed, the danger remains that the changes it made to the system persist, so that further backdoors or vulnerabilities endanger the security of the computer and thus the security of the customer.

Even formatting the hard disk is not always sufficient to remove the malware, since there are variants that lodge themselves in the Master Boot Record (MBR) of the hard disk and become active again at every start of the computer.

We therefore recommend having an analysis performed by a specialist who can remove the malware. A prior external backup of important documents is advisable. All authentication data (PINs, passwords, etc.) that have recently been used on the infected PC should be changed immediately on an uninfected PC.

A reinstallation now seems unavoidable. Can anyone tell me how I get my MBRs clean so that my new system is not infected again right away? And whether I can transfer my personal files (e-mails, documents, etc.) without reinfecting myself? Which programs should then be installed right away for protection?

Thank you very much!
24.12.2010, 14:49
Moderator

Posts: 5694
#12 In that case I would suggest you set up the system completely from scratch. Anything else would be too risky and without success.