
Pests of all kinds and how to fight them: trojaner OTL.txt


16.02.2013, 18:01   #1
lissy200681
 
trojaner OTL.txt - Question




Hello everyone! I have read my way through the forum and made it this far (OTL.txt). Now I need help, though, because I have no idea how to proceed, and as I understand it, these OTL.txt files are always specific to the infected PC and not general. I'll send you the text and would really appreciate some help:

OTL logfile created on: 2/16/2013 5:05:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894.00 Mb Total Physical Memory | 690.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 717.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.67 Gb Total Space | 36.36 Gb Free Space | 52.95% Space Free | Partition Type: NTFS
Drive D: | 5.86 Gb Total Space | 2.65 Gb Free Space | 45.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2007/06/19 06:31:37 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 03:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/08 07:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/11/08 07:42:27 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2006/11/02 04:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006/11/02 04:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/26 18:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/10/13 09:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/09/20 12:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2005/11/17 08:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004/12/12 22:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2008/11/11 07:23:09 | 000,045,344 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/11/11 07:23:01 | 000,485,920 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/06/19 06:34:49 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/06/07 03:24:04 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070612.005\IDSvix86.sys -- (IDSvix86)
DRV - [2007/05/15 03:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070618.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/05/15 03:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/05/15 03:00:00 | 000,106,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/05/15 03:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070618.019\NAVENG.SYS -- (NAVENG)
DRV - [2007/04/23 11:47:20 | 000,219,136 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2007/03/27 10:11:42 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/03/27 10:11:42 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/03/27 10:11:42 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/02/05 07:53:42 | 000,842,752 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007/01/06 16:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/10/25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/24 07:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/24 07:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 08:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/12/23 10:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\BUDA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kabeldeutschland.de/portal
IE - HKU\BUDA_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\BUDA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========



FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/10 04:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/10 04:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BUDA\AppData\Roaming\Mozilla\Extensions
[2013/02/10 04:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/12/21 02:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 00:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 00:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 00:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 00:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark 1200 Series] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [showwnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\BUDA_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\BUDA_ON_C..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\BUDA_ON_C..\Run: [Teikel] C:\Users\BUDA\AppData\Roaming\Uwadb\eneg.exe ()
O4 - HKU\BUDA_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\BUDA_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\BUDA_ON_C Winlogon: Shell - (C:\Users\BUDA\AppData\Roaming\skype.dat) - C:\Users\BUDA\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2368f650-3516-11dc-9054-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2368f650-3516-11dc-9054-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Uwadb
[2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Opfi
[2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Bikuva
[2013/02/11 11:54:35 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/11 11:54:33 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/11 11:43:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/02/11 11:36:01 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013/02/11 11:34:19 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013/02/11 11:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2013/02/11 11:31:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/02/11 11:31:02 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/02/11 11:29:19 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013/02/11 11:27:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013/02/11 11:26:22 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/02/11 11:24:55 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013/02/11 11:23:30 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2013/02/11 11:23:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2013/02/11 11:23:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2013/02/11 11:23:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2013/02/11 11:15:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/02/11 11:13:43 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2013/02/11 11:12:30 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/02/11 11:12:30 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2013/02/11 11:11:12 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/02/11 11:09:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013/02/11 11:09:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013/02/11 11:09:18 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/02/11 11:09:17 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/02/11 10:10:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013/02/11 10:10:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013/02/11 10:10:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013/02/11 09:44:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013/02/11 09:44:43 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013/02/11 09:44:43 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/02/11 09:43:34 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/02/11 09:43:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013/02/11 09:43:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2013/02/11 09:43:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2013/02/11 09:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2013/02/11 09:43:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013/02/11 09:43:28 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013/02/11 09:43:27 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013/02/11 09:41:57 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2013/02/11 09:40:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013/02/11 09:37:08 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2013/02/11 09:37:08 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2013/02/11 09:36:07 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013/02/11 09:35:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013/02/11 09:33:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013/02/11 09:32:34 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/02/11 09:32:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2013/02/11 09:32:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013/02/11 09:32:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013/02/11 09:32:31 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2013/02/11 09:30:49 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013/02/11 09:29:27 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/02/11 09:29:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013/02/11 09:29:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013/02/11 09:29:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013/02/11 09:29:08 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013/02/10 14:22:26 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/02/10 04:23:27 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Mozilla
[2013/02/10 04:23:27 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Local\Mozilla
[2013/02/10 04:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/10 03:50:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3192C226-BD81-479F-822D-6CF72EE1AB45}
[2013/02/10 03:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kabel Deutschland
[2013/02/10 03:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kabel Deutschland
[2013/02/10 03:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2013/02/10 03:47:55 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Local\PackageAware
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/16 10:51:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 10:50:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 10:50:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 10:49:55 | 937,541,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 10:43:31 | 000,000,004 | ---- | M] () -- C:\Users\BUDA\AppData\Roaming\skype.ini
[2013/02/16 09:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5CDEEC43-AD70-4717-8A64-53F46756EE77}.job
[2013/02/14 16:27:44 | 022,396,928 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013/02/14 16:27:43 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013/02/14 16:27:43 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013/02/14 15:34:13 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/14 15:34:12 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/14 15:34:12 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/14 15:34:12 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/14 15:02:28 | 000,001,768 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2013/02/14 15:02:21 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/02/14 15:02:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2013/02/14 14:56:38 | 000,394,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/11 11:54:36 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/11 11:54:34 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/11 11:43:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/02/11 11:36:01 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013/02/11 11:34:19 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013/02/11 11:34:19 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2013/02/11 11:31:02 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/02/11 11:31:02 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/02/11 11:29:19 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013/02/11 11:27:48 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013/02/11 11:26:22 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/02/11 11:24:55 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013/02/11 11:23:30 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2013/02/11 11:23:29 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2013/02/11 11:23:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2013/02/11 11:23:29 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2013/02/11 11:15:07 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/02/11 11:13:43 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2013/02/11 11:12:30 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/02/11 11:12:30 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2013/02/11 11:11:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/02/11 11:09:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013/02/11 11:09:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013/02/11 11:09:18 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/02/11 11:09:17 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/02/11 10:10:14 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013/02/11 10:10:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013/02/11 10:10:07 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013/02/11 09:44:49 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013/02/11 09:44:43 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013/02/11 09:44:43 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/02/11 09:43:35 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/02/11 09:43:34 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013/02/11 09:43:33 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2013/02/11 09:43:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2013/02/11 09:43:33 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2013/02/11 09:43:30 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013/02/11 09:43:29 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013/02/11 09:43:28 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013/02/11 09:41:57 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2013/02/11 09:40:14 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013/02/11 09:37:08 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2013/02/11 09:37:08 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2013/02/11 09:36:07 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013/02/11 09:35:13 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013/02/11 09:33:35 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013/02/11 09:32:32 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2013/02/11 09:32:32 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2013/02/11 09:32:32 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013/02/11 09:32:32 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013/02/11 09:30:49 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013/02/11 09:29:28 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/02/11 09:29:21 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013/02/11 09:29:20 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013/02/11 09:29:08 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013/02/10 04:23:11 | 000,000,875 | ---- | M] () -- C:\Users\BUDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/10 04:23:11 | 000,000,863 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/10 04:23:11 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/10 03:49:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kabel Deutschland
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/16 10:49:55 | 937,541,632 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/14 15:24:12 | 000,000,004 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\skype.ini
[2013/02/11 10:16:35 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013/02/11 10:16:35 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013/02/11 10:16:34 | 022,396,928 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013/02/10 04:23:11 | 000,000,875 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/10 04:23:11 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/10 04:23:11 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/08 12:03:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/12/08 12:02:42 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/06/08 08:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2010/06/08 08:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/07/19 06:17:41 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/19 06:17:41 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/19 06:17:41 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008/09/18 09:52:50 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008/09/18 09:05:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe
[2008/01/22 11:04:22 | 000,000,680 | ---- | C] () -- C:\Users\BUDA\AppData\Local\d3d9caps.dat
[2008/01/11 14:26:59 | 000,000,042 | ---- | C] () -- C:\Users\BUDA\AppData\default.pls
[2007/12/21 09:24:01 | 000,013,574 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\wklnhst.dat
[2007/11/29 13:40:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/11/29 13:40:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/11/29 13:40:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/11/29 13:40:06 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/11/29 13:40:06 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/11/29 13:40:06 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/11/29 13:40:06 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/11/29 13:40:06 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/11/29 13:40:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/11/29 13:40:06 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2007/11/29 13:40:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/11/29 13:40:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/11/29 13:40:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/11/29 13:40:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/11/29 13:40:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/11/29 13:40:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2007/11/29 13:40:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2007/11/29 13:40:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/11/29 13:40:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/11/29 13:31:10 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007/10/18 02:43:30 | 000,000,441 | ---- | C] () -- C:\Windows\hwsolii.ini
[2007/07/27 13:43:31 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2007/07/27 13:43:01 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE
[2007/07/27 13:42:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2007/07/27 13:42:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
[2007/07/25 16:51:56 | 000,036,864 | ---- | C] () -- C:\Users\BUDA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/19 03:36:32 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/06/19 03:36:31 | 000,547,840 | ---- | C] () -- C:\Windows\mHotkey.exe
[2007/06/19 03:36:31 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/06/19 03:36:31 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2007/06/19 03:36:31 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll
[2007/06/19 03:34:09 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/24 00:08:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 10:38:05 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:38:05 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,394,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:31:23 | 000,122,880 | -HS- | C] () -- C:\Users\BUDA\AppData\Roaming\skype.dat
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/10/27 01:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[1997/12/12 21:05:06 | 000,000,008 | ---- | C] () -- C:\Windows\pkkeor.ini

========== LOP Check ==========

[2013/02/14 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Bikuva
[2008/03/06 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\EPSON
[2008/09/18 09:04:48 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\InterVideo
[2008/09/18 09:14:43 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Leadertech
[2010/12/08 12:10:49 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\MAGIX
[2013/02/14 15:17:44 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Opfi
[2008/02/01 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Sigel
[2007/12/21 09:24:27 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Template
[2013/02/14 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\BUDA\AppData\Roaming\Uwadb
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/11/29 13:39:22 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/12/08 13:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2013/02/10 03:49:44 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2009/11/28 01:15:38 | 000,000,000 | ---D | M] -- C:\ProgramData\SF
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 17:48:30 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2007/07/24 16:42:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/02/10 03:50:25 | 000,000,000 | -H-D | M] -- C:\ProgramData\{3192C226-BD81-479F-822D-6CF72EE1AB45}
[2007/06/19 04:07:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2013/02/16 10:51:00 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/02/16 09:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5CDEEC43-AD70-4717-8A64-53F46756EE77}.job

========== Purity Check ==========


< End of report >

Alt 16.02.2013, 18:22   #2
aharonov
/// TB-Ausbilder
 
trojaner OTL.txt - Standard

trojaner OTL.txt



Hello lissy200681 and

My name is Leo and I will guide you through the cleanup of your computer.

Besides removing malware, a cleanup also includes closing security holes, and it should be carried out thoroughly. It is therefore done in several steps and will mean some effort on your part.
Note: The disappearance of the obvious symptoms does not mean that the system is already clean.
So, in your own interest, keep working along until you get the OK that everything is done.

Notes on the procedure
  • You will get from me a step-by-step guide tailored individually to you.
    • Always read these instructions completely first, and ask about anything unclear before you begin.
    • Then work through the instructions carefully and in the order given, and post your feedback and logfiles together in one reply.
    • Whenever possible, paste the contents of the logfiles into your reply inside code tags.
    • Should problems come up, stop at that point and describe them as well as you can.
  • It is important to me that the state of your system does not suddenly change unpredictably. Therefore: please
    • .. do not run any scanners or tools without being asked to. Do not delete anything on your own.
    • .. do not install or uninstall any software during the cleanup.
    • .. do not ask for help in other forums at the same time (crossposting).
  • I cannot give you any guarantee that the cleanup will ultimately be successful and that we will find everything.
    • Formatting and reinstalling is usually the faster and always the safer way.
    • Should I find a serious infection on your system, I will point this out to you again. But it remains your decision.
Let's go: Always save all tools to the desktop and start them from there.



I'll take over the problem description for you: A lock screen prevents you from starting the computer normally, and you would like to get rid of it. Correct?
In the first step we remove this lock. Then try to boot into Windows normally again and carry out the remaining steps there:


Step 1
  • Start the infected computer with the OTLpe CD and open OTLpe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL
O4 - HKU\BUDA_ON_C..\Run: [Teikel] C:\Users\BUDA\AppData\Roaming\Uwadb\eneg.exe ()
O20 - HKU\BUDA_ON_C Winlogon: Shell - (C:\Users\BUDA\AppData\Roaming\skype.dat) - C:\Users\BUDA\AppData\Roaming\skype.dat ()
[2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Uwadb
[2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Opfi
[2013/02/14 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Bikuva
[2013/02/14 15:24:12 | 000,000,004 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\skype.ini
         
  • Now click the Fix button.
  • Then reboot and try to boot into the normal Windows mode again.
  • After the reboot you will find a text document on your desktop.
    (Also to be found under C:\OTL\MovedFiles\<time_date.log>)
  • Now paste its contents here into your thread.



Now boot into Windows normally again.

Step 2

Download Gmer (click the Download EXE button) and save the program to the desktop.
  • Disable all antivirus programs and malware/spyware scanners.
  • Disconnect all existing connections to a network/the Internet (don't forget WLAN).
  • Please close all other programs.
  • Start gmer.exe (the file has a random file name).
    Vista and Win7 users: right-click and "Run as administrator".
  • Should a window open with the following warning
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    then be sure to click No.
  • On the right, remove the check mark at:
    • IAT/EAT
    • Show all
  • On the right, set the check mark at your system partition (normally C:\).
  • Start the scan by clicking Scan.
  • Do nothing at all on the computer while the scan is running!
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop.
  • Then close GMER and immediately restart the computer.
  • Please paste the contents of the logfile here into your thread.
Turn the antivirus program and the other scanners back on before you go online.



Step 3

Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Check Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 logfiles (OTL.txt and Extras.txt) are created.
  • Post the contents of these logfiles here in the thread.



Please post in your next reply:
  • Fixlog from OTLpe
  • Log from Gmer
  • Logs from OTL
__________________

__________________
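Added example, not part of the original post and not code from OTL or from the helper: a small Python triage script that applies the reasoning behind the fix script in Step 1 to OTL autostart lines. It flags Run entries that launch from a user-writable profile directory (AppData, Temp) or carry no company information ("()" at the end of the line), and O20 Winlogon Shell entries whose shell is not explorer.exe. The O4/O20 line shapes are assumed from the lines shown on this page, the severity labels and the user-writable heuristic are my own, and the sample input is constructed from the fix script and the OTL.txt above.

```python
"""Triage autostart lines from an OTL log (added example, not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the first two lines are the entries the fix script in Step 1
# removes; the last two are benign entries of the same shape from the OTL.txt above.
SAMPLE_LINES = [
    r"O4 - HKU\BUDA_ON_C..\Run: [Teikel] C:\Users\BUDA\AppData\Roaming\Uwadb\eneg.exe ()",
    r"O20 - HKU\BUDA_ON_C Winlogon: Shell - (C:\Users\BUDA\AppData\Roaming\skype.dat) - C:\Users\BUDA\AppData\Roaming\skype.dat ()",
    r"O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)",
    r"O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()",
]

# Line shapes assumed from the O4/O20 lines on this page.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SHELL_RE = re.compile(r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
# Directories a standard user can write to; autostarts launching from here deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)
# The legitimate Windows shell; anything else in Winlogon\Shell replaces the desktop.
EXPECTED_SHELL = "explorer.exe"


@dataclass
class Finding:
    kind: str          # "run-key" or "winlogon-shell"
    hive: str
    name: str          # value name for Run entries, "Shell" for O20
    path: str
    severity: str      # "medium" or "high"
    reasons: List[str] = field(default_factory=list)


def split_path_company(rest: str):
    """Split 'path (Company)' into (path, company); '()' gives an empty company.
    A trailing 'File not found' without parentheses yields company None."""
    m = re.match(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$", rest)
    if m:
        return m.group("path").strip(), m.group("company").strip()
    return rest.strip(), None


def assess_run_line(line: str) -> Optional[Finding]:
    """Score an O4 Run entry; None when the line is not an O4 or looks benign."""
    m = RUN_RE.match(line)
    if not m:
        return None
    path, company = split_path_company(m.group("rest"))
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("launches from a user-writable profile directory")
    if company == "":
        reasons.append("executable carries no company/version information")
    if not reasons:
        return None
    severity = "high" if len(reasons) > 1 else "medium"
    return Finding("run-key", m.group("hive"), m.group("name"), path, severity, reasons)


def assess_shell_line(line: str) -> Optional[Finding]:
    """Flag an O20 Winlogon Shell entry whose shell is not explorer.exe."""
    m = SHELL_RE.match(line)
    if not m:
        return None
    value = m.group("value").strip()
    path, _ = split_path_company(m.group("rest"))
    if ntpath.basename(value).lower() == EXPECTED_SHELL:
        return None
    return Finding("winlogon-shell", m.group("hive"), "Shell", path, "high",
                   [f"Winlogon Shell is '{value}' instead of {EXPECTED_SHELL}"])


def triage(lines) -> List[Finding]:
    """Return the suspicious autostart entries found in an OTL log, in log order."""
    findings = []
    for line in lines:
        f = assess_run_line(line) or assess_shell_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.kind} {f.hive} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

On the sample, the Teikel Run entry and the skype.dat shell entry come out as high, the mHotkey entry as medium (no company information, but a location in C:\Windows), and ccApp is not reported. A medium hit is a prompt to look, not a verdict: the hotkey driver here is unsigned but legitimate, which is exactly why the helper asks for the logs instead of letting the user delete on their own.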

Alt 16.02.2013, 21:06   #3
lissy200681
 
trojaner OTL.txt - Standard

trojaner OTL.txt



Hi, hello! Sorry that it took sooo long. It works again. THANK YOU VERY MUCH!!

GMER Logfile:
Code:
GMER 2.1.18952 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-16 20:20:24
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BEAS-22RRT0 rev.04.01G04 74,53GB
Running: l97e9c9m.exe; Driver: C:\Users\BUDA\AppData\Local\Temp\kxtdqpow.sys


---- System - GMER 2.1 ----

SSDT            83E77BC8                                                                         ZwConnectPort

---- User code sections - GMER 2.1 ----

?               C:\Windows\system32\svchost.exe[1760] C:\Windows\system32\smss.exe               image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll
.text           C:\Windows\system32\svchost.exe[1760] USER32.dll!DialogBoxIndirectParamAorW      7717146C 5 Bytes  [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}

---- Devices - GMER 2.1 ----

Device                                                                                           Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device                                                                                           fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice                                                                                   fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                                                               [4] 82E54AB0                                                                                                                          
Library         c:\windows\system32\z (*** hidden *** ) @ C:\Windows\Explorer.EXE [424]          0x6A300000                                                                                                                            
Library         c:\windows\system32\z (*** hidden *** ) @ C:\Windows\system32\svchost.exe [968]  0x6A300000
                                                                                                                            
---- EOF - GMER 2.1 ----
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 16.02.2013 20:26:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,50 Mb Total Physical Memory | 264,10 Mb Available Physical Memory | 29,56% Memory free
2,00 Gb Paging File | 1,11 Gb Available in Paging File | 55,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,67 Gb Total Space | 36,32 Gb Free Space | 52,90% Space Free | Partition Type: NTFS
Drive D: | 5,86 Gb Total Space | 2,65 Gb Free Space | 45,22% Space Free | Partition Type: NTFS
Drive F: | 991,22 Mb Total Space | 976,13 Mb Free Space | 98,48% Space Free | Partition Type: FAT
 
Computer Name: BUDA-PC | User Name: BUDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.16 15:31:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2013.02.11 17:11:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.11.13 18:38:28 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007.11.13 18:38:26 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007.06.19 12:31:37 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007.05.23 10:13:22 | 001,187,840 | ---- | M] (VIA.) -- C:\Programme\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
PRC - [2007.05.16 16:59:18 | 000,259,632 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NeroGadgetCMServer.exe
PRC - [2007.05.16 08:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.05.16 08:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.01 07:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2007.01.09 21:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.01.09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.12.15 14:04:26 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe
PRC - [2006.12.13 10:22:48 | 004,530,176 | ---- | M] () -- C:\Programme\Hotkey_Driver\HotKeyDriver.exe
PRC - [2006.11.08 13:42:27 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006.11.02 13:34:31 | 001,196,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.11.02 10:44:50 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2006.10.26 19:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006.09.20 18:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2005.12.15 16:40:10 | 000,547,840 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2005.06.23 19:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004.12.13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002.05.03 10:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.08.08 18:15:02 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.3\program\libxml2.dll
MOD - [2006.12.13 10:22:48 | 004,530,176 | ---- | M] () -- C:\Programme\Hotkey_Driver\HotKeyDriver.exe
MOD - [2006.12.11 16:10:26 | 000,049,152 | ---- | M] () -- C:\Programme\Hotkey_Driver\AudioControlDLL.dll
MOD - [2006.11.08 16:15:50 | 000,009,384 | ---- | M] () -- C:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
MOD - [2005.12.15 16:40:10 | 000,547,840 | ---- | M] () -- C:\Windows\mHotkey.exe
MOD - [2001.07.02 19:36:30 | 000,024,576 | ---- | M] () -- C:\Windows\HKNTDLL.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2007.06.19 12:31:37 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.03.12 09:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2007.01.09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.08 13:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006.11.08 13:42:27 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2006.11.02 13:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.11.02 10:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006.11.02 10:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.27 00:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.13 15:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.09.20 18:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004.12.13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\BUDA\AppData\Local\Temp\kxtdqpow.sys -- (kxtdqpow)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.11.11 13:23:09 | 000,045,344 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008.11.11 13:23:01 | 000,485,920 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.06.19 12:34:49 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.06.07 09:24:04 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070612.005\IDSvix86.sys -- (IDSvix86)
DRV - [2007.05.15 09:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070618.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2007.05.15 09:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.05.15 09:00:00 | 000,106,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007.05.15 09:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070618.019\NAVENG.SYS -- (NAVENG)
DRV - [2007.04.23 17:47:20 | 000,219,136 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2007.03.27 16:11:42 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.03.27 16:11:42 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.03.27 16:11:42 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.02.05 13:53:42 | 000,842,752 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.01.06 22:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.25 13:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 13:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.24 13:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006.10.24 13:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006.10.06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004.12.23 16:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kabel Deutschland Kundenportal*-*Startseite
IE - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.10 10:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.02.10 10:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BUDA\AppData\Roaming\mozilla\Extensions
[2013.02.10 10:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [showwnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27370B25-1C7F-4629-B44C-2D81DCD0E1FD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2618493930-3193780919-2297282783-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BUDA\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\BUDA\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2368f650-3516-11dc-9054-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2368f650-3516-11dc-9054-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.17 00:48:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.16 18:52:10 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.02.11 17:54:35 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.11 17:54:33 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.11 17:36:01 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013.02.11 17:34:19 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013.02.11 17:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2013.02.11 17:31:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.02.11 17:31:02 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.02.11 17:29:19 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.02.11 17:27:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013.02.11 17:26:22 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.02.11 17:24:55 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013.02.11 17:23:30 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2013.02.11 17:23:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2013.02.11 17:23:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2013.02.11 17:23:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2013.02.11 17:15:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.02.11 17:12:30 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013.02.11 17:12:30 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2013.02.11 17:11:12 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.02.11 17:09:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013.02.11 17:09:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013.02.11 17:09:18 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.02.11 17:09:17 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.02.11 16:10:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.02.11 16:10:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013.02.11 16:10:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.02.11 15:44:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.02.11 15:44:43 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.02.11 15:44:43 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.02.11 15:43:34 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013.02.11 15:43:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013.02.11 15:43:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2013.02.11 15:43:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2013.02.11 15:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2013.02.11 15:43:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013.02.11 15:43:28 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.02.11 15:43:27 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013.02.11 15:41:57 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2013.02.11 15:40:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013.02.11 15:36:07 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013.02.11 15:35:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013.02.11 15:33:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013.02.11 15:32:34 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.11 15:32:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013.02.11 15:32:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013.02.11 15:30:49 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013.02.11 15:29:27 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.02.11 15:29:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013.02.11 15:29:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013.02.11 15:29:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013.02.11 15:29:08 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013.02.10 20:22:26 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.02.10 10:23:27 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Roaming\Mozilla
[2013.02.10 10:23:27 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Local\Mozilla
[2013.02.10 10:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.10 09:50:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3192C226-BD81-479F-822D-6CF72EE1AB45}
[2013.02.10 09:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kabel Deutschland
[2013.02.10 09:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kabel Deutschland
[2013.02.10 09:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2013.02.10 09:47:55 | 000,000,000 | ---D | C] -- C:\Users\BUDA\AppData\Local\PackageAware
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.16 20:25:02 | 000,000,280 | ---- | M] () -- C:\Users\BUDA\Desktop\OTL - Verknüpfung.lnk
[2013.02.16 19:51:51 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.16 19:51:51 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.16 19:41:33 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5CDEEC43-AD70-4717-8A64-53F46756EE77}.job
[2013.02.16 18:56:45 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.16 18:56:45 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.16 18:56:45 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.16 18:56:45 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.16 18:55:20 | 000,000,301 | ---- | M] () -- C:\Users\BUDA\Desktop\l97e9c9m - Verknüpfung.lnk
[2013.02.16 18:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.16 18:51:34 | 937,541,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 22:27:44 | 022,396,928 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013.02.14 22:27:43 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013.02.14 22:27:43 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013.02.14 20:56:38 | 000,394,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.11 17:54:36 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.11 17:54:34 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.11 17:36:01 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013.02.11 17:34:19 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013.02.11 17:34:19 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2013.02.11 17:31:02 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.02.11 17:31:02 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.02.11 17:29:19 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.02.11 17:27:48 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013.02.11 17:26:22 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.02.11 17:24:55 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013.02.11 17:23:30 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2013.02.11 17:23:29 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2013.02.11 17:23:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2013.02.11 17:23:29 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2013.02.11 17:15:07 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.02.11 17:12:30 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013.02.11 17:12:30 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2013.02.11 17:11:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.02.11 17:09:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013.02.11 17:09:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013.02.11 17:09:18 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.02.11 17:09:17 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.02.11 16:10:14 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.02.11 16:10:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013.02.11 16:10:07 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.02.11 15:44:49 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.02.11 15:44:43 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.02.11 15:44:43 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.02.11 15:43:35 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013.02.11 15:43:34 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013.02.11 15:43:33 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2013.02.11 15:43:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2013.02.11 15:43:33 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2013.02.11 15:43:30 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013.02.11 15:43:29 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.02.11 15:43:28 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013.02.11 15:41:57 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2013.02.11 15:40:14 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013.02.11 15:36:07 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013.02.11 15:35:13 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013.02.11 15:33:35 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013.02.11 15:32:32 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013.02.11 15:32:32 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013.02.11 15:30:49 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013.02.11 15:29:28 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.02.11 15:29:21 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013.02.11 15:29:20 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013.02.11 15:29:08 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.16 20:25:02 | 000,000,280 | ---- | C] () -- C:\Users\BUDA\Desktop\OTL - Verknüpfung.lnk
[2013.02.16 18:55:20 | 000,000,301 | ---- | C] () -- C:\Users\BUDA\Desktop\l97e9c9m - Verknüpfung.lnk
[2013.02.16 16:49:55 | 937,541,632 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.11 16:16:35 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013.02.11 16:16:35 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013.02.11 16:16:34 | 022,396,928 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013.02.10 10:23:11 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2008.01.25 18:05:54 | 004,448,986 | ---- | C] () -- C:\Users\BUDA\images.zip
[2008.01.22 17:04:22 | 000,000,680 | ---- | C] () -- C:\Users\BUDA\AppData\Local\d3d9caps.dat
[2007.12.21 15:24:01 | 000,013,574 | ---- | C] () -- C:\Users\BUDA\AppData\Roaming\wklnhst.dat
[2007.07.25 22:51:56 | 000,036,864 | ---- | C] () -- C:\Users\BUDA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2618493930-3193780919-2297282783-1000\$85afa5f3bf7d7e37b90ac9a7f69dbcba\n. -- File not found
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.11 17:16:39 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$85afa5f3bf7d7e37b90ac9a7f69dbcba\n. -- File not found
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---
EXTRAOTL Logfile:
OTL Extras logfile created on: 16.02.2013 20:26:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,50 Mb Total Physical Memory | 264,10 Mb Available Physical Memory | 29,56% Memory free
2,00 Gb Paging File | 1,11 Gb Available in Paging File | 55,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,67 Gb Total Space | 36,32 Gb Free Space | 52,90% Space Free | Partition Type: NTFS
Drive D: | 5,86 Gb Total Space | 2,65 Gb Free Space | 45,22% Space Free | Partition Type: NTFS
Drive F: | 991,22 Mb Total Space | 976,13 Mb Free Space | 98,48% Space Free | Partition Type: FAT
 
Computer Name: BUDA-PC | User Name: BUDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{08976F97-548A-4084-B6D4-0F0D766365C4}" = Kartendesigner für Visitenkarten 2
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{293C9DF5-7669-4826-BBB2-E1F182D71031}" = Nero 7 Essentials
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Die Legende von Kongo King
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{917E3E34-0EBD-421A-8DEA-C0AE8E1677C7}" = Symantec Real Time Storage Protection Component
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B729B3C1-55A9-45FB-B7AD-D6A42DA8C883}" = Hotkey_Driver
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EAC2DDAB-5035-44EE-AA13-65D40CF46FF1}" = Kabel Deutschland Installations-Software
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F385F486-C1BC-4350-8837-6F17761134B5}" = Multimedia Keyboard Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Amiga Classix 3" = Amiga Classix 3
"Aral Software Rahmenprogramm" = Aral Software Rahmenprogramm
"BeachVolleyball" = Beach Volleyball (remove only)
"Blocktality" = Blocktality
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Digital Camera Driver" = Digital Camera Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Jetfighter 5_is1" = Jetfighter 5
"Kabel Deutschland Installations-Software" = Kabel Deutschland Installations-Software
"Lexmark 1200 Series" = Lexmark 1200 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Santa Claus in Trouble" = Santa Claus in Trouble
"Sid Meier's Railroad Tycoon" = Sid Meier's Railroad Tycoon
"Sigel BusinessCardSoftware" = Sigel BusinessCardSoftware
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultimate Motorcross" = Ultimate Motorcross 1.0
"VIA Chrome9 HC IGP Windows Vista Display" = VIA Display Vista Driver 15.31.09.01
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2013 16:19:33 | Computer Name = BUDA-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.02.2013 16:19:33 | Computer Name = BUDA-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.02.2013 16:34:10 | Computer Name = BUDA-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 15.02.2013 10:25:09 | Computer Name = BUDA-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16771, Zeitstempel
 0x4907deda, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000420, Fehleroffset 0x000af1c9,  Prozess-ID 0x9b4, Anwendungsstartzeit
 01ce0b88386d8f1c.
 
Error - 16.02.2013 09:21:34 | Computer Name = BUDA-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 16.02.2013 09:53:07 | Computer Name = BUDA-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description = 
 
Error - 16.02.2013 11:48:36 | Computer Name = BUDA-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description = 
 
Error - 16.02.2013 11:50:57 | Computer Name = BUDA-PC | Source = VSS | ID = 12289
Description = 
 
Error - 16.02.2013 13:56:44 | Computer Name = BUDA-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 16.02.2013 14:02:44 | Computer Name = BUDA-PC | Source = Perflib | ID = 1008
Description = 
 
[ System Events ]
Error - 16.02.2013 12:27:19 | Computer Name = BUDA-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.02.2013 um 17:23:40 unerwartet heruntergefahren.
 
Error - 16.02.2013 13:52:00 | Computer Name = BUDA-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark 1200 Series (Kopie 2) 
nicht unter dem Namen Lexmark 1200 Series (Kopie 2) freigeben. Fehler: 2114. Der
 Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 16.02.2013 13:52:00 | Computer Name = BUDA-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark 1200 Series (Kopie 1) 
nicht unter dem Namen Lexmark 1200 Series (Kopie 1) freigeben. Fehler: 2114. Der
 Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 16.02.2013 13:52:00 | Computer Name = BUDA-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark 1200 Series nicht unter
 dem Namen Lexmark 1200 Series freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 16.02.2013 13:52:00 | Computer Name = BUDA-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker EPSON Stylus DX4400 Series nicht
 unter dem Namen EPSON Stylus DX4400 Series freigeben. Fehler: 2114. Der Drucker
 kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 16.02.2013 13:52:00 | Computer Name = BUDA-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker An OneNote 2007 senden nicht unter
 dem Namen An OneNote 2007 senden freigeben. Fehler: 2114. Der Drucker kann nicht
 von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 16.02.2013 13:52:48 | Computer Name = BUDA-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.02.2013 13:52:48 | Computer Name = BUDA-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 16.02.2013 13:52:48 | Computer Name = BUDA-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 16.02.2013 13:52:48 | Computer Name = BUDA-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
--- --- ---
__________________

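As an added example (not code from the thread, from OTL or from its author), this Python snippet parses the event-log tail of an OTL report in the format posted above and flags the entries a helper would look at first; the sample log is constructed from that format, and the NOTEWORTHY table is an assumption about which well-known Windows event IDs deserve a closer look.

```python
import re
from collections import Counter
# Constructed sample in the format of the OTL event section posted above
SAMPLE_LOG = """\
[ System Events ]
Error - 16.02.2013 12:27:19 | Computer Name = BUDA-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.02.2013 um 17:23:40 unerwartet
 heruntergefahren.
 
Error - 16.02.2013 13:52:48 | Computer Name = BUDA-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.02.2013 13:52:48 | Computer Name = BUDA-PC | Source = Service Control Manager | ID = 7023
Description = 
 
< End of report >
"""
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = "
    r"(?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
# Assumed triage table of well-known Windows event IDs worth a closer look
NOTEWORTHY = {("EventLog", 6008): "unexpected shutdown",
              ("Service Control Manager", 7000): "service failed to start",
              ("Service Control Manager", 7023): "service stopped with an error"}

def parse_otl_events(text):
    """One dict per entry: section, level, ts, host, source, id, description."""
    events, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()          # separator lines are a lone space -> ""
        m = HEADER_RE.match(line)
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line.strip("[ ]")
        elif m:
            cur = {"section": section, "level": m["level"], "ts": m["ts"], "host": m["host"],
                   "source": m["source"], "id": int(m["id"]), "description": ""}
            events.append(cur)
        elif line.startswith("Description =") and cur is not None:
            cur["description"] = line[len("Description ="):].strip()
        elif line.startswith(" ") and cur is not None and cur["description"]:
            cur["description"] += " " + line.strip()   # wrapped description continues
    return events

def summarize(events):
    """Count entries per (section, source, id) and list the NOTEWORTHY ones."""
    counts = Counter((e["section"], e["source"], e["id"]) for e in events)
    flagged = [(e["ts"], e["source"], e["id"], NOTEWORTHY[e["source"], e["id"]])
               for e in events if (e["source"], e["id"]) in NOTEWORTHY]
    return counts, flagged
```

Run `summarize(parse_otl_events(open("OTL.txt", encoding="utf-8").read()))` on a real report to get the per-source counts and the flagged entries without reading the whole dump by hand.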
Old 16.02.2013, 21:26   #4
aharonov
/// TB-Ausbilder

trojaner OTL.txt

Hi,

Quote:
It's working again.
Careful, that's deceptive! You still have a rootkit in there.
We have to keep going (always save the tools to the desktop and start them from there!).


Step 1

Warning for readers:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix from the following download mirror: Link.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not do anything at all on the computer, not even move the mouse!
  • When Combofix is finished, it will create a logfile (C:\Combofix.txt).
  • Please post the contents of this logfile in your next reply.

Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.



Step 2

Please start OTL.exe.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

Old 19.02.2013, 09:22   #5
aharonov
/// TB-Ausbilder

trojaner OTL.txt

Hi,

I haven't received a reply from you in a while. Do you still need help?

If I don't hear from you within the next 24 hours, I will assume the topic has been resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and may have security holes that make a renewed infection possible.

The ZeroAccess rootkit is still running on your machine!

__________________
cheers,
Leo

Old 20.02.2013, 08:11   #6
aharonov
/// TB-Ausbilder

trojaner OTL.txt

Missing response
This topic has been removed from my subscriptions, so I no longer receive notifications about new replies.
Send me a PM if you would like to continue the topic after all. Then we'll carry on here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please read these instructions and create your own thread.
__________________