
Log Analysis and Evaluation: Malwarebytes found malware

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.04.2011, 02:15   #1
fordpaule
 
Malwarebytes found malware



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6416

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.04.2011 03:03:01
mbam-log-2011-04-22 (03-03-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166800
Laufzeit: 4 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

What should I do now?
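Added example, not part of the thread and not code from Malwarebytes, OTL or Trojaner-Board: a small Python script that parses the Malwarebytes log format posted above, checks the summary counts against the findings actually listed, and pulls out any Image File Execution Options (IFEO) entries, which is what the quarantined chrome.exe key is. It also parses OTL-style O27 lines, as they appear in the OTL log later in the thread, and separates Debugger values an analyst has already verified from those that still need review. An IFEO Debugger value makes Windows start the listed program instead of the target executable every time the target is launched, which is why an unexpected entry for a browser is treated as a hijack. The KNOWN_DEBUGGERS allowlist, the sample lines and the constructed chrome.exe O27 entry with a placeholder debugger path are assumptions made for this example; only the chrome.exe Malwarebytes finding and the two TuneUp O27 lines are copied from the thread.

```python
import re
from collections import defaultdict

# Constructed sample input: the summary lines and the one registry finding from
# the Malwarebytes log posted in the thread (other sections omitted).
MBAM_LOG = r"""
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateien: 0

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

# Constructed sample input: two O27 lines copied from the OTL log in the thread,
# one unrelated O4 line, and one constructed O27 entry for chrome.exe whose
# Debugger path is a placeholder (the thread never shows the real value).
OTL_LINES = [
    r'O27 - HKLM IFEO\amcap.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)',
    r'O27 - HKLM IFEO\setup.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)',
    r'O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)',
    r'O27 - HKLM IFEO\chrome.exe: Debugger - "C:\PLACEHOLDER\unknown-debugger.exe" ()',
]

COUNT_RE = re.compile(r"^(Infizierte .+?): (\d+)$")      # "Infizierte Dateien: 0"
SECTION_RE = re.compile(r"^(Infizierte .+?):$")           # "Infizierte Dateien:"
NO_HIT = "(Keine bösartigen Objekte gefunden)"
IFEO_MBAM_RE = re.compile(r"Image File Execution Options\\([^\s\\]+)\s+\(([^)]+)\)", re.I)
OTL_IFEO_RE = re.compile(
    r'^O27 - (?P<hive>\w+) IFEO\\(?P<target>[^:]+): Debugger - '
    r'"?(?P<debugger>[^"]+?)"?\s*\((?P<vendor>[^)]*)\)\s*$'
)


def parse_mbam_log(text):
    """Return (summary_counts, findings_by_section) for a Malwarebytes 1.x log."""
    counts, findings, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and line != NO_HIT:
            findings[section].append(line)
    return counts, dict(findings)


def count_mismatches(counts, findings):
    """Sections whose header count disagrees with the findings actually listed;
    a truncated or hand-edited log shows up here."""
    return {s: (n, len(findings.get(s, []))) for s, n in counts.items()
            if n != len(findings.get(s, []))}


def mbam_ifeo_hits(findings):
    """(target executable, detection name) for every IFEO key Malwarebytes listed."""
    return [(m.group(1).lower(), m.group(2))
            for lines in findings.values() for line in lines
            if (m := IFEO_MBAM_RE.search(line))]


def otl_ifeo_entries(lines):
    """Parse OTL 'O27' lines into dicts; lines of any other type are ignored."""
    entries = []
    for line in lines:
        if m := OTL_IFEO_RE.match(line.strip()):
            entries.append({"target": m["target"].lower(),
                            "debugger": m["debugger"], "vendor": m["vendor"]})
    return entries


# Assumed analyst allowlist: Debugger paths already verified as belonging to
# software the user knowingly installed (lower-case full path).
KNOWN_DEBUGGERS = {r"c:\program files\tuneup utilities 2011\tuautoreactivator32.exe"}


def review_ifeo(entries, known=KNOWN_DEBUGGERS):
    """Split IFEO Debugger entries into allowlisted ones and ones needing review.
    Windows runs the Debugger program instead of the target every time the
    target is started, so any value you did not set up yourself deserves a look."""
    known_hits, review = [], []
    for e in entries:
        (known_hits if e["debugger"].lower() in known else review).append(e)
    return known_hits, review


if __name__ == "__main__":
    counts, findings = parse_mbam_log(MBAM_LOG)
    print("summary/listing mismatches:", count_mismatches(counts, findings))
    print("IFEO keys removed by Malwarebytes:", mbam_ifeo_hits(findings))
    known, review = review_ifeo(otl_ifeo_entries(OTL_LINES))
    print("allowlisted O27 entries:", [e["target"] for e in known])
    print("O27 entries to review:", [(e["target"], e["debugger"]) for e in review])
```

Run it as a script to see the four summary lines; on a real log, paste the complete Malwarebytes text into MBAM_LOG and the O27 lines from OTL into OTL_LINES, and extend KNOWN_DEBUGGERS only with paths you have checked yourself.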

22.04.2011, 08:42   #2
M-K-D-B
/// TB Instructor

Malwarebytes found malware





My name is M-K-D-B and I will help you clean up your computer.

Please note the following:
  • A cleanup can mean a lot of work for you.
  • Please work through all steps one after the other, in the order given.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • No crossposting, please (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Please keep working with me until I tell you that we are finished here.
  • If you do not reply to me within 5 days, I will assume that you no longer need help. I will then delete your thread from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs by right-clicking and choosing "Run as administrator".




Please read the following topics:
Then create the requested log files. Without the appropriate log files (OTL, etc.) nobody here can or will help you.

Thank you for your understanding.


22.04.2011, 11:09   #3
fordpaule

Malwarebytes found malware



OTL log file:
Code:
OTL logfile created on: 22.04.2011 11:57:50 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jörg\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 262,31 Gb Total Space | 195,15 Gb Free Space | 74,40% Space Free | Partition Type: NTFS
Drive D: | 203,45 Gb Total Space | 199,17 Gb Free Space | 97,90% Space Free | Partition Type: NTFS
 
Computer Name: JM | User Name: Jörg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jörg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jörg\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll (Microsoft Corporation)
MOD - C:\Programme\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\buShell.dll (Symantec Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\ccL100U.dll (Symantec Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\ccGEvt.dll (Symantec Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\ccIPC.dll (Symantec Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\ccVrTrst.dll (Symantec Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\ccSet.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\EFACli.dll (Symantec Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (PCSUITEINSPECTORSVC) -- C:\Programme\MARKEMENT\PCSUITE INSPECTOR\inspectorsvc.exe (Markement)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys (Symantec Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110421.036\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110421.036\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110421.001\IDSvix86.sys (Symantec Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 79 F8 D1 B6 88 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.5.004
FF - prefs.js..extensions.enabledItems: {4a1a0a40-7d27-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.14 02:22:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.03.05 03:08:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.03.05 03:04:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.28 02:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.22 16:48:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 16:48:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Components: C:\Program Files\SeaMonkey\components [2011.03.27 00:38:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011.03.27 00:38:24 | 000,000,000 | ---D | M]
 
[2011.02.14 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions
[2011.02.14 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.30 04:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011.04.15 22:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions
[2010.03.26 22:52:50 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2011.01.13 03:04:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.03.11 17:31:31 | 000,000,000 | ---D | M] (MonoChrome) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{4a1a0a40-7d27-11dd-ad8b-0800200c9a66}
[2010.03.11 17:29:17 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2011.03.22 16:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 16:03:47 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.03.26 22:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}\mozapps\extensions
[2011.03.22 16:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2010.06.04 16:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2011.04.22 00:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions
[2010.04.15 20:20:37 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.01.11 04:05:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.21 23:52:39 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010.08.25 21:37:15 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010.09.04 21:29:10 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\inspector@mozilla.org
[2010.10.26 14:02:59 | 000,002,149 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\6weu7do9.default\searchplugins\MyStart Search.xml
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\6weu7do9.default\searchplugins\SearchquWebSearch.xml
[2011.03.21 17:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.18 11:41:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.02.18 11:41:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.05 03:04:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011.03.05 03:08:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\SEARCHDICTCC@ROUGHAEL.XPI
[2011.03.22 16:48:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.18 11:41:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.09.09 15:15:38 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2011.03.22 16:48:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 16:48:48 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.03.22 16:48:48 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.22 16:48:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2011.03.22 16:48:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.22 16:48:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.08 21:23:39 | 000,000,825 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\amcap.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\burningstudioelements.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\fixitcenter.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\googleearth.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\nvcplui.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\pcsuite_inspector.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b8cc613c-311f-11e0-bc6b-001d6012fcdd}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cc613c-311f-11e0-bc6b-001d6012fcdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b8cc6157-311f-11e0-bc6b-001d6012fcdd}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cc6157-311f-11e0-bc6b-001d6012fcdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - State: "startup" - 2

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 11:56:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.22 11:55:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.22 11:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.22 11:45:05 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Jörg\Desktop\Erunt-setup.exe
[2011.04.22 11:45:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
[2011.04.22 11:45:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\TFC.exe
[2011.04.21 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{A79DD301-D68D-44A0-849C-3F99D8ABC249}
[2011.04.21 03:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011.04.21 03:23:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint
[2011.04.21 03:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2011.04.21 03:10:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro
[2011.04.19 00:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{5BE996B2-BB92-4C88-B8F7-08A8975FD14B}
[2011.04.18 14:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.15 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{629CCDF1-600E-46BF-8D9A-5C3ADA9CB301}
[2011.04.12 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{86C6DA72-1B4C-406F-BB8F-CE5C60F374E7}
[2011.04.12 19:22:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.04.12 19:22:44 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.04.12 19:22:44 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.04.12 19:22:41 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011.04.12 19:22:41 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011.04.12 19:22:41 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011.04.12 19:22:41 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011.04.12 19:22:41 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011.04.12 19:22:41 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011.04.12 19:22:38 | 001,730,112 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011.04.12 18:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.04.12 18:24:57 | 000,000,000 | ---D | C] -- C:\Programme\AMD APP
[2011.04.12 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.04.12 11:57:47 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.04.12 11:57:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.04.11 03:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGamePick.com
[2011.04.07 18:08:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2011.04.07 18:04:36 | 000,357,720 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32H.dll
[2011.04.07 18:04:36 | 000,076,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32H.dll
[2011.04.07 18:04:36 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32H.dll
[2011.04.07 18:04:35 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RH3DHT32.dll
[2011.04.07 18:04:35 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RH3DAA32.dll
[2011.04.07 18:04:35 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32H.dll
[2011.04.07 17:01:50 | 000,000,000 | ---D | C] -- C:\Users\Jörg\Documents\DriverGenius
[2011.04.06 22:15:48 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{49F0188F-BB00-453E-B349-82F1B504DB9C}
[2011.04.06 01:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\formatpart
[2011.04.05 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{47768BA3-7E0C-4179-9D35-1C3F64EC06A5}
[2011.04.05 22:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\redistpart
[2011.04.05 15:49:35 | 000,000,000 | ---D | C] -- C:\Programme\EASEUS
[2011.04.05 14:32:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.05 13:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2011.04.04 22:46:59 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{255A62BA-5B9F-417D-8DBF-74AB7C1A056D}
[2011.03.27 20:23:15 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{307C039E-5942-4EFD-8F80-E920C6665DA3}
[2011.03.26 20:16:32 | 000,000,000 | ---D | C] -- C:\archive_db
[2011.03.26 20:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\createpart
[2011.03.26 18:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.03.26 18:26:18 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2011.03.26 17:46:46 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\openBVE
[2011.03.26 17:45:05 | 000,000,000 | ---D | C] -- C:\Users\Jörg\Neuer Ordner
[2011.03.26 17:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Festplatten Manager™ 2011 Kompakt
[2011.03.26 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{5B6C1904-2120-4661-B562-7AECF6CA046E}
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 11:45:57 | 000,301,568 | ---- | M] () -- C:\Users\Jörg\Desktop\g2m3e4r.exe
[2011.04.22 11:45:50 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Jörg\Desktop\Erunt-setup.exe
[2011.04.22 11:45:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\TFC.exe
[2011.04.22 11:45:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
[2011.04.22 11:43:14 | 000,377,260 | ---- | M] () -- C:\Users\Jörg\Desktop\Load.exe
[2011.04.22 11:10:16 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 11:10:16 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 11:06:23 | 000,002,689 | ---- | M] () -- C:\Users\Jörg\Desktop\Microsoft-Maus.lnk
[2011.04.22 11:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 11:02:27 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 03:00:17 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 03:00:17 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 03:00:17 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 03:00:17 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 12:30:47 | 000,305,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.21 03:29:29 | 000,002,971 | ---- | M] () -- C:\Users\Jörg\Desktop\Microsoft-Tastatur.lnk
[2011.04.20 23:25:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.20 23:25:09 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.18 14:26:56 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.15 13:03:55 | 000,245,293 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011.04.12 11:57:45 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.04.07 11:50:13 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561928940-1091444881-3976653915-1000UA.job
[2011.04.07 11:50:13 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561928940-1091444881-3976653915-1000Core.job
[2011.04.06 02:12:13 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011.04.05 09:35:24 | 000,002,410 | ---- | M] () -- C:\Users\Jörg\Desktop\Paragon Festplatten Manager™.lnk
[2011.03.30 19:50:20 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.03.30 19:45:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.03.26 17:46:49 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 11:45:25 | 000,301,568 | ---- | C] () -- C:\Users\Jörg\Desktop\g2m3e4r.exe
[2011.04.22 11:43:08 | 000,377,260 | ---- | C] () -- C:\Users\Jörg\Desktop\Load.exe
[2011.04.22 11:06:23 | 000,002,689 | ---- | C] () -- C:\Users\Jörg\Desktop\Microsoft-Maus.lnk
[2011.04.21 03:29:29 | 000,002,971 | ---- | C] () -- C:\Users\Jörg\Desktop\Microsoft-Tastatur.lnk
[2011.04.18 14:26:56 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.15 13:02:48 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.04.06 02:12:13 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011.04.05 09:35:24 | 000,002,410 | ---- | C] () -- C:\Users\Jörg\Desktop\Paragon Festplatten Manager™.lnk
[2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.14 18:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.07 17:36:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.02 00:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.18 15:55:52 | 000,019,456 | ---- | C] () -- C:\Users\Jörg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.12 18:26:11 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.24 05:13:43 | 000,224,180 | ---- | C] () -- C:\Windows\hpoins16.dat
[2010.12.24 05:13:43 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2010.10.10 15:27:09 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.10 15:27:09 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.08 04:08:07 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.10.08 04:07:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.08 04:07:54 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.05 14:26:15 | 000,000,130 | ---- | C] () -- C:\Windows\tropical_beaches1.ini
[2010.09.05 14:24:20 | 000,000,091 | ---- | C] () -- C:\Windows\System32\nfsHDWaterfall03.ini
[2010.09.05 14:21:44 | 000,001,760 | ---- | C] () -- C:\Windows\unins002.dat
[2010.08.29 16:23:08 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.08.29 16:23:08 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.07.03 02:40:38 | 000,000,130 | ---- | C] () -- C:\Windows\waterscenes1.ini
[2010.07.03 02:39:58 | 000,001,694 | ---- | C] () -- C:\Windows\unins001.dat
[2010.07.03 02:38:27 | 000,000,186 | ---- | C] () -- C:\Windows\waterscenes2.ini
[2010.07.03 02:37:22 | 000,001,730 | ---- | C] () -- C:\Windows\unins000.dat
[2010.01.25 12:24:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2010.01.14 02:21:32 | 000,023,686 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.01.08 16:54:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.01.08 16:48:26 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.31 16:33:05 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009.12.31 00:49:42 | 000,245,293 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009.12.31 00:49:42 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jörg\AppData\Roaming\Stingers
[2009.12.30 13:26:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2009.12.29 19:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,305,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 02:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006.11.02 10:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
 
========== LOP Check ==========
 
[2010.03.26 22:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\AntiBrowserSpy 2009
[2009.12.31 04:22:36 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Ashampoo
[2010.08.24 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Bump Technologies, Inc
[2010.08.11 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.01.08 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Engelmann Media
[2011.02.26 12:36:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\GlarySoft
[2010.04.20 02:15:05 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\gtk-2.0
[2011.01.27 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\ICQ
[2011.01.18 16:40:22 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\LogoMaker
[2010.03.19 03:02:44 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\MessengerGadget
[2010.04.08 09:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Nikon
[2009.12.30 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\OpenOffice.org
[2009.12.30 04:30:02 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Opera
[2010.10.10 15:32:55 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\PC Suite
[2010.10.13 00:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Samsung
[2010.01.03 15:49:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Skip-Bo
[2011.02.14 18:03:49 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Thunderbird
[2010.03.19 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Tific
[2011.01.09 11:24:17 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\TuneUp Software
[2010.09.06 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Uniblue
[2010.04.21 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\UNOUndercover
[2011.04.11 15:06:25 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\URSE Games
[2010.01.21 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\WinBatch
[2010.05.01 12:43:15 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Zylom
[2011.03.07 17:45:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.12 18:23:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.04.15 17:44:59 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS
[2011.03.26 20:16:32 | 000,000,000 | ---D | M] -- C:\archive_db
[2008.12.28 00:21:43 | 000,000,000 | ---D | M] -- C:\ATI
[2011.02.23 22:46:32 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.04.21 03:23:38 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.12.25 21:13:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.01.25 03:12:44 | 000,000,000 | ---D | M] -- C:\Games
[2008.12.25 21:43:59 | 000,000,000 | -H-D | M] -- C:\hp
[2010.05.25 13:23:11 | 000,000,000 | ---D | M] -- C:\My Music
[2010.01.03 19:00:05 | 000,000,000 | ---D | M] -- C:\N360_BACKUP
[2011.02.06 18:14:54 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.08.12 16:18:42 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.22 11:55:41 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.12 18:24:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.25 21:13:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.29 20:24:44 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.22 11:02:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.15 19:02:04 | 000,000,000 | ---D | M] -- C:\Temp
[2010.11.27 17:02:07 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.22 11:56:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-21 01:24:55

< End of report >
         

Old 22.04.2011, 12:33   #4
M-K-D-B
/// TB-Ausbilder



Hello fordpaule,




Step # 1: Registry cleaner
I see that you have so-called registry cleaners on your system.
In your case, TuneUp Utilities 2011.

We do not recommend any kind of registry cleaner under any circumstances.

The reason is quite simple:

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more.
Often enough we read from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether a few orphaned registry entries are on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.
A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

I therefore recommend that you uninstall the software named above and do without this kind of software in future.





Step # 2: Answer questions
Please answer the following questions for me:
  • Why are you already running OTL for the second time?
    Quote:
    OTL logfile created on: 22.04.2011 11:57:50 - Run 2
  • You downloaded Load.exe to your computer. Why don't you post ALL the logfiles right away then?

    We will have to catch up on that now.




Step # 3: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry, select Use SafeList and click the Scan button.
  • Post the OTL.txt and the Extras.txt here in your thread.




Step # 4: GMER rootkit scan
Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • Should a window open with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, uncheck:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!





Step # 5: Your feedback
For further analysis, together with your next reply I need
  • feedback regarding TuneUp Utilities 2011,
  • answers to the questions asked,
  • the two new logfiles from OTL (OTL.txt and Extras.txt) and
  • the logfile from GMER.

Old 22.04.2011, 16:51   #5
fordpaule



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 17:46:20 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jörg\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 262,31 Gb Total Space | 195,15 Gb Free Space | 74,40% Space Free | Partition Type: NTFS
Drive D: | 203,45 Gb Total Space | 199,17 Gb Free Space | 97,90% Space Free | Partition Type: NTFS
 
Computer Name: JM | User Name: Jörg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23D4A873-14FF-474E-0001-6529DDC11226}" = CDRWIN 8
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2011 Kompakt
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44A3BDE7-E797-4FBC-8FBD-DE5E68AB4D26}" = Fischer Weltalmanach und Atlas 2010
"{4944DAC1-2923-4D8E-908A-D08E2998ADBE}" = Trust Webcam Live 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69606296-D891-72A8-8E38-FB505C78178D}" = AMD Drag and Drop Transcoding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F4BDCF6-8E71-4675-859F-274D4541DDF8}" = Internet Explorer
"{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common
"{8232F780-08F1-4894-AA3E-76529901E391}" = PS_SF_02_Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C06EE31-AE51-4589-B53F-1406F6BBA229}" = F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BB751CFD-8BCE-9754-ACBE-D6EFDC69C937}" = WMV9/VC-1 Video Playback
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C64A995B-1A93-48CE-B93B-1EEDB096CBD7}" = PS_SF_02_Software_Min
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust WB-1300N Webcam Live
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9FEF4B-B88C-45DE-B89A-42BEAE7D6601}" = SlimCleaner
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3DA07A4-2AB9-4226-83C5-E7948B179243}" = NetSchafkopf
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy
"{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb
"{F69E48F2-94B0-4272-845C-5F21F2A9815F}" = HP Photosmart Printer Driver Software 13.0 Rel. 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Animated Tropical Beaches_is1" = Animated Tropical Beaches
"Animated Water Scenes 2_is1" = Animated Water Scenes 2
"Animated Water Scenes_is1" = Animated Water Scenes
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.4
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ERUNT_is1" = ERUNT 1.1j
"Free Billiards 2008_is1" = Free Billiards 2008
"Fun and Bullets_is1" = Fun and Bullets
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{44A3BDE7-E797-4FBC-8FBD-DE5E68AB4D26}" = Fischer Weltalmanach und Atlas 2010
"InstallShield_{4944DAC1-2923-4D8E-908A-D08E2998ADBE}" = Trust Webcam Live 
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Knippel Shareware" = Knippel Shareware
"LogoMaker_is1" = LogoMaker 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Mobile Partner" = Mobile Partner
"Motorola Bluetooth_is1" = Motorola Bluetooth
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"N360" = Norton 360
"nfsHDWaterfall03 New Free Screensaver_is1" = NewFreeScreensaver nfsHDWaterfall03
"Nikon FotoShare" = Nikon FotoShare
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"POI FINDER (iGO My way 8)_is1" = POI FINDER 3.67 (iGO My way 8)
"RACE_is1" = RACE
"RealPlayer 12.0" = RealPlayer
"SeaMonkey (2.0.13)" = SeaMonkey (2.0.13)
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"Shop for HP Supplies" = Shop for HP Supplies
"Skat! 2000" = Skat! 2000
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SKIP-BO Castaway Caper(TM)" = SKIP-BO Castaway Caper(TM)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---
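The Firewall Settings block in the report above shows "EnableFirewall" = 0 for the Domain, Standard and Public profiles, and the uninstall list shows Norton 360 installed. The following is an added triage script for this thread, not code from OTL, Malwarebytes or Trojaner-Board: it splits an OTL report into its section headers and flags what a log analyst would look at first: firewall profiles set to 0 (with the caveat that a suite carrying its own firewall, such as Norton 360, normally leaves the Windows Firewall profiles at 0 itself, so that value alone is not evidence of tampering), running services or drivers whose image has no company name, an IE URLSearchHook whose file no longer exists, and Firefox search prefs set by a toolbar. The KNOWN_ENGINES allowlist and the no-company-name rule are my assumptions, not OTL rules, and the sample report is constructed from lines of the reports in this thread, with one profile value changed to 1 so both outcomes of the firewall check show up.

```python
"""Triage helpers for OTL (OldTimer) reports like the ones posted in this thread.

Added example, not part of OTL, Malwarebytes or Trojaner-Board tooling. It splits a
report into its '========== Name ==========' sections and returns what an analyst
checks first. The engine allowlist and the no-company-name rule are assumptions."""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)" = (.*)$')
# SRV/DRV lines: KIND - [date | size | attrs | M] (Company) [State] -- path -- (Name) [description]
SVC_RE = re.compile(r"^(SRV|DRV) - \[[^\]]*\] \((?P<company>.*?)\) \[(?P<state>[^\]]*)\] -- "
                    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)")
IE_HOOK_RE = re.compile(r"^IE - .*URLSearchHook: (?P<clsid>\{[^}]+\}).*File not found")
FF_PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>[^:]+): (?P<value>.*)$")
# Assumption: engine names a stock German Firefox of that era ships with.
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.de", "eBay", "LEO Eng-Deu", "Wikipedia (de)"}


def split_sections(report: str) -> Dict[str, List[str]]:
    """Group non-empty report lines under their section header."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def firewall_findings(lines: List[str]) -> List[str]:
    """Flag every FirewallPolicy profile with EnableFirewall = 0. Caveat: a suite with
    its own firewall (Norton 360 here) normally sets these to 0 itself, so a 0 alone
    is not evidence of tampering; confirm against the Security Center status."""
    out, key = [], ""
    for line in lines:
        if (k := REGKEY_RE.match(line)):
            key = k.group(1)
        elif (v := REGVAL_RE.match(line)) and v.groups() == ("EnableFirewall", "0"):
            profile = key.rsplit("\\", 1)[-1]
            out.append(f"Windows Firewall disabled: {profile}")
    return out


def service_findings(lines: List[str], label: str) -> List[str]:
    """Flag running services/drivers whose image has no company name. Heuristic only:
    check the file's signature and hash before touching it."""
    out = []
    for m in filter(None, map(SVC_RE.match, lines)):
        if not m["company"].strip() and "Running" in m["state"]:
            out.append(f"Running {label} with no company name: {m['path']} ({m['name']})")
    return out


def browser_findings(ie_lines: List[str], ff_lines: List[str]) -> List[str]:
    """Flag orphaned IE URLSearchHooks and Firefox search prefs set by a toolbar."""
    out = [f"Orphaned IE URLSearchHook: {m['clsid']}" for m in map(IE_HOOK_RE.match, ie_lines) if m]
    for m in filter(None, map(FF_PREF_RE.match, ff_lines)):
        pref, value = m["pref"], m["value"].strip('"')
        if (pref in ("browser.search.defaultenginename", "browser.search.selectedEngine")
                and value not in KNOWN_ENGINES):
            out.append(f"Firefox {pref} points at unknown engine: {value}")
        elif pref.endswith("keyword.URL"):
            out.append(f"Firefox keyword URL set by {pref}: {value}")
    return out


def triage(report: str) -> List[str]:
    """Run every check over one OTL report; findings come back in report order."""
    s = split_sections(report)
    return (firewall_findings(s.get("Firewall Settings", []))
            + service_findings(s.get("Win32 Services (SafeList)", []), "service")
            + service_findings(s.get("Driver Services (SafeList)", []), "driver")
            + browser_findings(s.get("Internet Explorer", []), s.get("FireFox", [])))


# Constructed sample: lines copied from the reports in this thread, with the
# StandardProfile value changed to 1 so both outcomes of the firewall check appear.
SAMPLE_REPORT = r"""
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
========== Win32 Services (SafeList) ==========
SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
========== Driver Services (SafeList) ==========
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.12.07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
========== Internet Explorer ==========
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search="
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run it against a saved OTL.txt or Extras.txt by passing the file contents to triage(). Every finding is a pointer to verify, not a verdict: the Windows Firewall values are expected to be 0 while Norton 360 provides the firewall, and a missing company string on a driver is common for small vendors, so check the publisher signature and hash of each flagged file before removing anything.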


22.04.2011, 16:52   #6
fordpaule

Malwarebytes has found malware

OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 17:46:20 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jörg\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 262,31 Gb Total Space | 195,15 Gb Free Space | 74,40% Space Free | Partition Type: NTFS
Drive D: | 203,45 Gb Total Space | 199,17 Gb Free Space | 97,90% Space Free | Partition Type: NTFS
 
Computer Name: JM | User Name: Jörg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.22 11:45:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
PRC - [2011.04.13 15:03:38 | 001,298,320 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2011.04.13 15:03:38 | 000,412,560 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2011.04.13 15:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.03.22 18:57:39 | 000,013,824 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.03.22 16:48:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.09 06:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.09 06:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.12.21 14:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2010.12.21 14:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2010.12.21 14:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.12.10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.22 11:45:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.03.09 06:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.03.09 01:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.12.24 06:01:12 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.21 14:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.12.21 14:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2010.11.16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.09.13 12:05:08 | 005,108,624 | ---- | M] (Markement) [Disabled | Stopped] -- C:\Programme\MARKEMENT\PCSUITE INSPECTOR\inspectorsvc.exe -- (PCSUITEINSPECTORSVC)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.07.26 19:33:52 | 003,512,072 | ---- | M] (Motorola, Inc.) [Disabled | Stopped] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010.07.16 15:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010.07.15 13:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) [Disabled | Stopped] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010.06.17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009.08.10 16:59:50 | 000,178,720 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:59:48 | 000,387,616 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.15 22:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.04.12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011.04.04 14:04:02 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110421.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.04.04 14:04:02 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110421.036\NAVENG.SYS -- (NAVENG)
DRV - [2011.03.14 20:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110421.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011.03.09 11:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.03.09 11:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.09 06:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.05 04:27:25 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.03.05 03:04:56 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.03.03 13:42:16 | 000,381,032 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.03.03 13:42:16 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.03.03 13:42:14 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2011.01.05 23:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.01 07:24:00 | 000,295,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS -- (SymNetS)
DRV - [2010.11.23 18:33:00 | 000,263,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2010.11.23 06:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010.11.23 06:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.18 04:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010.11.17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010.10.29 23:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.10.21 04:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010.10.07 14:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.08.31 19:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.08.12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.28 18:52:04 | 000,395,776 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.06.30 13:02:08 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010.05.27 14:37:50 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.10.15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009.07.23 23:02:56 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.01.07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008.12.07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008.02.13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 79 F8 D1 B6 88 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.5.004
FF - prefs.js..extensions.enabledItems: {4a1a0a40-7d27-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.14 02:22:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.03.05 03:08:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.03.05 03:04:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.28 02:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.22 16:48:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 16:48:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Components: C:\Program Files\SeaMonkey\components [2011.03.27 00:38:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.13\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011.03.27 00:38:24 | 000,000,000 | ---D | M]
 
[2011.02.14 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions
[2011.02.14 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.30 04:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011.04.15 22:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions
[2010.03.26 22:52:50 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2011.01.13 03:04:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.03.11 17:31:31 | 000,000,000 | ---D | M] (MonoChrome) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{4a1a0a40-7d27-11dd-ad8b-0800200c9a66}
[2010.03.11 17:29:17 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2011.03.22 16:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 16:03:47 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.03.26 22:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}\mozapps\extensions
[2011.03.22 16:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2010.06.04 16:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\6weu7do9.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2011.04.22 00:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions
[2010.04.15 20:20:37 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.01.11 04:05:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.21 23:52:39 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010.08.25 21:37:15 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010.09.04 21:29:10 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Jörg\AppData\Roaming\mozilla\SeaMonkey\Profiles\itaa7dxm.default\extensions\inspector@mozilla.org
[2010.10.26 14:02:59 | 000,002,149 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\6weu7do9.default\searchplugins\MyStart Search.xml
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\6weu7do9.default\searchplugins\SearchquWebSearch.xml
[2011.03.21 17:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.18 11:41:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.02.18 11:41:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.05 03:04:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011.03.05 03:08:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WEU7DO9.DEFAULT\EXTENSIONS\SEARCHDICTCC@ROUGHAEL.XPI
[2011.03.22 16:48:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.18 11:41:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.09.09 15:15:38 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2011.03.22 16:48:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 16:48:48 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.03.22 16:48:48 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.22 16:48:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2011.03.22 16:48:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.22 16:48:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.08 21:23:39 | 000,000,825 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\amcap.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\burningstudioelements.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\fixitcenter.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\googleearth.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\nvcplui.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\pcsuite_inspector.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b8cc613c-311f-11e0-bc6b-001d6012fcdd}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cc613c-311f-11e0-bc6b-001d6012fcdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b8cc6157-311f-11e0-bc6b-001d6012fcdd}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cc6157-311f-11e0-bc6b-001d6012fcdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 11:56:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.22 11:55:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.22 11:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.22 11:45:05 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Jörg\Desktop\Erunt-setup.exe
[2011.04.22 11:45:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
[2011.04.22 11:45:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\TFC.exe
[2011.04.21 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{A79DD301-D68D-44A0-849C-3F99D8ABC249}
[2011.04.21 03:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011.04.21 03:23:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint
[2011.04.21 03:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2011.04.21 03:10:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro
[2011.04.19 00:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{5BE996B2-BB92-4C88-B8F7-08A8975FD14B}
[2011.04.18 14:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.15 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{629CCDF1-600E-46BF-8D9A-5C3ADA9CB301}
[2011.04.12 23:19:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.12 22:48:10 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 22:48:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 22:48:08 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 22:48:06 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 22:48:06 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 22:48:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 22:48:03 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.12 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{86C6DA72-1B4C-406F-BB8F-CE5C60F374E7}
[2011.04.12 19:22:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.04.12 19:22:44 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.04.12 19:22:44 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.04.12 19:22:43 | 001,084,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2011.04.12 19:22:42 | 004,105,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011.04.12 19:22:42 | 002,160,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011.04.12 19:22:42 | 000,485,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2011.04.12 19:22:42 | 000,070,248 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2011.04.12 19:22:41 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011.04.12 19:22:41 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011.04.12 19:22:41 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011.04.12 19:22:41 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011.04.12 19:22:41 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011.04.12 19:22:41 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011.04.12 19:22:38 | 001,730,112 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011.04.12 19:22:37 | 000,175,200 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2011.04.12 19:22:37 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2011.04.12 18:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.04.12 18:24:57 | 000,000,000 | ---D | C] -- C:\Programme\AMD APP
[2011.04.12 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.04.12 13:01:38 | 000,045,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dc3d.sys
[2011.04.12 11:57:47 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.04.12 11:57:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.04.11 03:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGamePick.com
[2011.04.08 23:02:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itpcoin815.dll
[2011.04.08 23:02:04 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll
[2011.04.07 18:08:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2011.04.07 18:08:16 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStoricon.dll
[2011.04.07 18:08:16 | 000,313,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStor.dll
[2011.04.07 18:08:16 | 000,197,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUStor.sys
[2011.04.07 18:04:36 | 003,789,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkHDMI.dll
[2011.04.07 18:04:36 | 000,357,720 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32H.dll
[2011.04.07 18:04:36 | 000,263,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtHDMIV.sys
[2011.04.07 18:04:36 | 000,076,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32H.dll
[2011.04.07 18:04:36 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32H.dll
[2011.04.07 18:04:35 | 001,974,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHDMIExt.dll
[2011.04.07 18:04:35 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RH3DHT32.dll
[2011.04.07 18:04:35 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RH3DAA32.dll
[2011.04.07 18:04:35 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32H.dll
[2011.04.07 18:04:35 | 000,069,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHCoInst.dll
[2011.04.07 17:01:50 | 000,000,000 | ---D | C] -- C:\Users\Jörg\Documents\DriverGenius
[2011.04.06 22:15:48 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{49F0188F-BB00-453E-B349-82F1B504DB9C}
[2011.04.06 01:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\formatpart
[2011.04.05 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{47768BA3-7E0C-4179-9D35-1C3F64EC06A5}
[2011.04.05 22:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\redistpart
[2011.04.05 15:49:35 | 000,000,000 | ---D | C] -- C:\Programme\EASEUS
[2011.04.05 14:32:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.05 13:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2011.04.04 22:46:59 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{255A62BA-5B9F-417D-8DBF-74AB7C1A056D}
[2011.03.27 20:23:15 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{307C039E-5942-4EFD-8F80-E920C6665DA3}
[2011.03.26 20:16:32 | 000,000,000 | ---D | C] -- C:\archive_db
[2011.03.26 20:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\createpart
[2011.03.26 18:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.03.26 18:26:18 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2011.03.26 17:46:46 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\openBVE
[2011.03.26 17:45:05 | 000,000,000 | ---D | C] -- C:\Users\Jörg\Neuer Ordner
[2011.03.26 17:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Festplatten Manager™ 2011 Kompakt
[2011.03.26 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{5B6C1904-2120-4661-B562-7AECF6CA046E}
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 17:37:56 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 17:37:56 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 17:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 17:30:32 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 11:45:57 | 000,301,568 | ---- | M] () -- C:\Users\Jörg\Desktop\g2m3e4r.exe
[2011.04.22 11:45:50 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Jörg\Desktop\Erunt-setup.exe
[2011.04.22 11:45:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\TFC.exe
[2011.04.22 11:45:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
[2011.04.22 11:43:14 | 000,377,260 | ---- | M] () -- C:\Users\Jörg\Desktop\Load.exe
[2011.04.22 11:06:23 | 000,002,689 | ---- | M] () -- C:\Users\Jörg\Desktop\Microsoft-Maus.lnk
[2011.04.22 03:00:17 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 03:00:17 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 03:00:17 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 03:00:17 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 12:30:47 | 000,305,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.21 03:29:29 | 000,002,971 | ---- | M] () -- C:\Users\Jörg\Desktop\Microsoft-Tastatur.lnk
[2011.04.20 23:25:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.20 23:25:09 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.18 14:26:56 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.15 13:03:55 | 000,245,293 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011.04.12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dc3d.sys
[2011.04.12 11:57:45 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.04.08 23:02:10 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\itpcoin815.dll
[2011.04.08 23:02:04 | 000,390,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll
[2011.04.07 11:50:13 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561928940-1091444881-3976653915-1000UA.job
[2011.04.07 11:50:13 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561928940-1091444881-3976653915-1000Core.job
[2011.04.06 02:12:13 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011.04.05 09:35:24 | 000,002,410 | ---- | M] () -- C:\Users\Jörg\Desktop\Paragon Festplatten Manager™.lnk
[2011.03.31 16:49:14 | 004,105,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011.03.31 16:49:14 | 002,160,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011.03.30 19:50:20 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.03.30 19:45:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.03.26 17:46:49 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.03.26 17:46:48 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.03.24 16:03:18 | 000,070,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 11:45:25 | 000,301,568 | ---- | C] () -- C:\Users\Jörg\Desktop\g2m3e4r.exe
[2011.04.22 11:43:08 | 000,377,260 | ---- | C] () -- C:\Users\Jörg\Desktop\Load.exe
[2011.04.22 11:06:23 | 000,002,689 | ---- | C] () -- C:\Users\Jörg\Desktop\Microsoft-Maus.lnk
[2011.04.21 03:29:29 | 000,002,971 | ---- | C] () -- C:\Users\Jörg\Desktop\Microsoft-Tastatur.lnk
[2011.04.18 14:26:56 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.15 13:02:48 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.04.06 02:12:13 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011.04.05 09:35:24 | 000,002,410 | ---- | C] () -- C:\Users\Jörg\Desktop\Paragon Festplatten Manager™.lnk
[2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.14 18:03:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.07 17:36:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.02 00:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.18 15:55:52 | 000,019,456 | ---- | C] () -- C:\Users\Jörg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.12 18:26:11 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.24 05:13:43 | 000,224,180 | ---- | C] () -- C:\Windows\hpoins16.dat
[2010.12.24 05:13:43 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2010.10.10 15:27:09 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.10 15:27:09 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.08 04:08:07 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.10.08 04:07:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.08 04:07:54 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.05 14:26:15 | 000,000,130 | ---- | C] () -- C:\Windows\tropical_beaches1.ini
[2010.09.05 14:24:20 | 000,000,091 | ---- | C] () -- C:\Windows\System32\nfsHDWaterfall03.ini
[2010.09.05 14:21:44 | 000,001,760 | ---- | C] () -- C:\Windows\unins002.dat
[2010.08.29 16:23:08 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.08.29 16:23:08 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.07.03 02:40:38 | 000,000,130 | ---- | C] () -- C:\Windows\waterscenes1.ini
[2010.07.03 02:39:58 | 000,001,694 | ---- | C] () -- C:\Windows\unins001.dat
[2010.07.03 02:38:27 | 000,000,186 | ---- | C] () -- C:\Windows\waterscenes2.ini
[2010.07.03 02:37:22 | 000,001,730 | ---- | C] () -- C:\Windows\unins000.dat
[2010.01.25 12:24:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2010.01.14 02:21:32 | 000,023,686 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.01.08 16:54:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.01.08 16:48:26 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.31 16:33:05 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009.12.31 00:49:42 | 000,245,293 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009.12.31 00:49:42 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jörg\AppData\Roaming\Stingers
[2009.12.30 13:26:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2009.12.29 19:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,305,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 02:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006.11.02 10:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
 
========== LOP Check ==========
 
[2010.03.26 22:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\AntiBrowserSpy 2009
[2009.12.31 04:22:36 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Ashampoo
[2010.08.24 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Bump Technologies, Inc
[2010.08.11 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.01.08 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Engelmann Media
[2011.02.26 12:36:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\GlarySoft
[2010.04.20 02:15:05 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\gtk-2.0
[2011.01.27 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\ICQ
[2011.01.18 16:40:22 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\LogoMaker
[2010.03.19 03:02:44 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\MessengerGadget
[2010.04.08 09:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Nikon
[2009.12.30 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\OpenOffice.org
[2009.12.30 04:30:02 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Opera
[2010.10.10 15:32:55 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\PC Suite
[2010.10.13 00:07:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Samsung
[2010.01.03 15:49:09 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Skip-Bo
[2011.02.14 18:03:49 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Thunderbird
[2010.03.19 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Tific
[2011.01.09 11:24:17 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\TuneUp Software
[2010.09.06 09:49:06 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Uniblue
[2010.04.21 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\UNOUndercover
[2011.04.11 15:06:25 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\URSE Games
[2010.01.21 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\WinBatch
[2010.05.01 12:43:15 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\Zylom
[2011.03.07 17:45:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
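As an added example for reading the OTL listing above (this is not OTL code and was not posted by anyone in the thread), a small Python parser for the `[timestamp | size | RHSD | C/M] (company) -- path` lines, with a few triage heuristics of my own layered on top. The SAMPLE lines are copied verbatim from the posted log; the flag names and rules are this example's assumptions, and a flag means "look at this", not "this is malicious".

```python
"""Parse OTL 'created/modified files' and LOP-check lines and flag entries
worth a closer look.

Added example for triaging the OTL output posted in this thread; it is not
part of OTL and not code posted by anyone in the thread. SAMPLE below is
copied from the posted log. The flag names and rules are this example's own
heuristics: a flag means "look at this", not "this is malicious".
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Line shape: [timestamp | size | RHSD attributes | C/M] (company) -- path
# The "(company)" field is missing in the LOP-check section, so it is optional.
_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Constructed sample: lines copied verbatim from the OTL log in this thread.
SAMPLE = r"""
[2010.01.25 12:24:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2010.01.08 16:48:26 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.31 16:33:05 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings
[2009.12.30 13:26:28 | 000,000,268 | RH-- | C] () -- C:\Users\Jörg\AppData\Roaming\Stingers
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.03.26 22:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jörg\AppData\Roaming\AntiBrowserSpy 2009
[2011.03.07 17:45:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                # C = created, M = modified
    company: Optional[str]   # None when OTL printed "()" or nothing
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Turn one OTL listing line into an OtlEntry; None for non-listing lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")   # positions: R H S D
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        is_dir=attr[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


_EXE_IN_WINDOWS_ROOT = re.compile(r"c:\\windows\\[^\\]+\.exe$")
_DATA_DIRS = ("\\programdata\\", "\\appdata\\")


def flags_for(e: OtlEntry) -> list[str]:
    """Heuristic flags (this example's own rules, not OTL's)."""
    p = e.path.lower()
    flags: list[str] = []
    if e.hidden and not e.is_dir and any(d in p for d in _DATA_DIRS):
        # Hidden data files under ProgramData/AppData deserve a look.
        flags.append("hidden-file-in-data-dir")
    if p.endswith(".sys") and "\\drivers\\" in p and not e.company:
        # A kernel driver that OTL could not attribute to any vendor.
        flags.append("driver-without-company")
    if _EXE_IN_WINDOWS_ROOT.search(p):
        # Executables directly in C:\Windows are unusual for Windows itself.
        flags.append("exe-in-windows-root")
    return flags


def triage(report: str) -> dict[str, list[str]]:
    """Map each flagged path to its flags; unflagged entries are left out."""
    result: dict[str, list[str]] = {}
    for line in report.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        f = flags_for(e)
        if f:
            result[e.path] = f
    return result


if __name__ == "__main__":
    for path, f in triage(SAMPLE).items():
        print(f"{', '.join(f):28} {path}")
```

Run over the sample it flags the two hidden `PKP_`/`Super Strings`-style files under ProgramData and AppData, the unattributed `StarOpen.sys` driver and `AKDeInstall.exe` in the Windows root, and stays quiet about `bootstat.dat`, the `perf*.dat` counters and the LOP-check folders. Whether a flagged item is actually bad is still the helper's call; the script only makes the attributes and locations easy to scan.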

Old 22.04.2011, 17:03   #7
fordpaule

GMER is running right now. Unfortunately I had clicked "OK" earlier and it closed itself. The last scan took about 5 hours, so it may take a while until I post the log...

I will part with TuneUp Utilities 2011. But that can hardly be to blame for this hijacker.

Old 22.04.2011, 23:01   #8
fordpaule

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-22 23:57:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000076 ST350063 rev.3.CH
Running: g2m3e4r.exe; Driver: C:\Users\JRG~1\AppData\Local\Temp\ugldypow.sys


---- System - GMER 1.0.15 ----

SSDT            C41B2F28                                                                                          ZwAlertResumeThread
SSDT            C3DE77A8                                                                                          ZwAlertThread
SSDT            C3FDB2F8                                                                                          ZwAllocateVirtualMemory
SSDT            C3C428F0                                                                                          ZwAlpcConnectPort
SSDT            C40E19F0                                                                                          ZwAssignProcessToJobObject
SSDT            C41B2C78                                                                                          ZwCreateMutant
SSDT            C40E1710                                                                                          ZwCreateSymbolicLinkObject
SSDT            C40C03F8                                                                                          ZwCreateThread
SSDT            C40E1800                                                                                          ZwCreateThreadEx
SSDT            C40E1AD0                                                                                          ZwDebugActiveProcess
SSDT            C3FDB4C8                                                                                          ZwDuplicateObject
SSDT            C3FDB118                                                                                          ZwFreeVirtualMemory
SSDT            C41B2D68                                                                                          ZwImpersonateAnonymousToken
SSDT            C41B2E48                                                                                          ZwImpersonateThread
SSDT            C3C36EC8                                                                                          ZwLoadDriver
SSDT            C3DE7D90                                                                                          ZwMapViewOfSection
SSDT            C41B2B98                                                                                          ZwOpenEvent
SSDT            C40C02E0                                                                                          ZwOpenProcess
SSDT            C3FDB3E8                                                                                          ZwOpenProcessToken
SSDT            C41B29D8                                                                                          ZwOpenSection
SSDT            C40C0210                                                                                          ZwOpenThread
SSDT            C40E1900                                                                                          ZwProtectVirtualMemory
SSDT            C3DE7888                                                                                          ZwResumeThread
SSDT            C3DE7B28                                                                                          ZwSetContextThread
SSDT            C3DE7C08                                                                                          ZwSetInformationProcess
SSDT            C40E1BB0                                                                                          ZwSetSystemInformation
SSDT            C41B2AB8                                                                                          ZwSuspendProcess
SSDT            C3DE7968                                                                                          ZwSuspendThread
SSDT            C40C04D8                                                                                          ZwTerminateProcess
SSDT            C3DE7A48                                                                                          ZwTerminateThread
SSDT            C3DE7CF8                                                                                          ZwUnmapViewOfSection
SSDT            C3FDB208                                                                                          ZwWriteVirtualMemory

INT 0x51        ?                                                                                                 C320EA58
INT 0x52        ?                                                                                                 C48F67D8
INT 0x62        ?                                                                                                 C320E058
INT 0x72        ?                                                                                                 C48F6CD8
INT 0x82        ?                                                                                                 C48F6058
INT 0x92        ?                                                                                                 C320E2D8
INT 0xA2        ?                                                                                                 C320E558
INT 0xB0        ?                                                                                                 C3C63CD8
INT 0xB1        ?                                                                                                 C320ECD8
INT 0xB2        ?                                                                                                 C320E7D8
INT 0xB3        ?                                                                                                 C48F6A58

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                     E3457339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            E3490D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                               E3497DD0 8 Bytes  [28, 2F, 1B, C4, A8, 77, DE, ...] {SUB [EDI], CH; SBB EAX, ESP; TEST AL, 0x77; FADDP ST(3), ST}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                               E3497DE8 4 Bytes  [F8, B2, FD, C3] {CLC ; MOV DL, 0xfd; RET }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                               E3497DF4 4 Bytes  [F0, 28, C4, C3]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                               E3497E48 4 Bytes  [F0, 19, 0E, C4]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                               E3497EC4 4 Bytes  [78, 2C, 1B, C4] {JS 0x2e; SBB EAX, ESP}
.text           ...                                                                                               
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                          section is writeable [0xD4608000, 0x388539, 0xE8000020]
PAGE            peauth.sys                                                                                        DDF71B9B 72 Bytes  JMP 58B47621 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3164] ntdll.dll!DbgBreakPoint  770740F0 3 Bytes  [8B, 40, 30] {MOV EAX, [EAX+0x30]}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000063                                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c@001dfe5094a3          0x33 0xE0 0x19 0x88 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c@001fcd2f4f85          0x20 0xE8 0xD0 0x07 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b01123c@001fcd9a35b0          0x2D 0x51 0x86 0x94 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c@001dfe5094a3              0x33 0xE0 0x19 0x88 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c@001fcd2f4f85              0x20 0xE8 0xD0 0x07 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b01123c@001fcd9a35b0              0x2D 0x51 0x86 0x94 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---
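As an added example for reading the GMER report above (not GMER's code, and not posted by anyone in the thread), a Python snippet that pulls the SSDT hook lines out of the report and summarises them two ways: by the 4 KiB page each hook target lives in (how many distinct code regions the hooks point into) and by a rough syscall family (what the hooking component can see). SAMPLE is a subset of the report's lines copied verbatim; the page grouping and the family names are this example's own heuristics.

```python
"""Summarise the SSDT hook lines of a GMER report.

Added example for reading the GMER output in this thread; it is not GMER's
code and was not posted by anyone in the thread. SAMPLE is a subset of the
report's lines, copied verbatim. Grouping hook targets by 4 KiB page and
naming a syscall "family" are this example's own heuristics; they show how
many distinct code regions the hooks point into and what the hooking
component can observe, not which component installed the hooks.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Shape of a bare SSDT entry: "SSDT <8 hex digits> <Zw function>".
# GMER prints a driver path before the function when it can map the target
# to a loaded module; the posted lines have none, so only an address is expected.
_SSDT = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)\s*$")

# Substring -> family, checked in this order (first match wins), so that
# e.g. ZwOpenProcessToken lands in "token" and ZwImpersonateThread too.
_RULES = (
    ("Impersonate", "token"), ("Token", "token"),
    ("Driver", "driver"),
    ("VirtualMemory", "memory"), ("Section", "memory"),
    ("Thread", "thread"),
    ("Process", "process"),
    ("Object", "object"),
    ("Mutant", "sync"), ("Event", "sync"),
    ("Alpc", "ipc"),
    ("SystemInformation", "system"),
)

# Constructed sample: a subset of the GMER report in this thread, plus two
# non-SSDT lines to show they are ignored.
SAMPLE = """\
---- System - GMER 1.0.15 ----

SSDT            C41B2F28    ZwAlertResumeThread
SSDT            C3FDB2F8    ZwAllocateVirtualMemory
SSDT            C3C428F0    ZwAlpcConnectPort
SSDT            C40E1AD0    ZwDebugActiveProcess
SSDT            C41B2D68    ZwImpersonateAnonymousToken
SSDT            C3C36EC8    ZwLoadDriver
SSDT            C3DE7D90    ZwMapViewOfSection
SSDT            C40C02E0    ZwOpenProcess
SSDT            C3FDB3E8    ZwOpenProcessToken
SSDT            C40C04D8    ZwTerminateProcess
SSDT            C3FDB208    ZwWriteVirtualMemory

INT 0x51        ?           C320EA58
"""


def parse_ssdt_hooks(report: str) -> list[tuple[str, int]]:
    """Return (function, target address) for every bare SSDT line, in order."""
    hooks: list[tuple[str, int]] = []
    for line in report.splitlines():
        m = _SSDT.match(line.strip())
        if m:
            hooks.append((m.group("func"), int(m.group("addr"), 16)))
    return hooks


def family(func: str) -> str:
    """Coarse syscall family for a Zw* name; 'other' if no rule matches."""
    for needle, fam in _RULES:
        if needle in func:
            return fam
    return "other"


def pages(hooks: list[tuple[str, int]]) -> dict[int, list[str]]:
    """Group hook targets by 4 KiB page: few pages means few code regions."""
    by_page: dict[int, list[str]] = defaultdict(list)
    for func, addr in hooks:
        by_page[addr & ~0xFFF].append(func)
    return dict(by_page)


def by_family(hooks: list[tuple[str, int]]) -> dict[str, list[str]]:
    """Group hooked functions by family, preserving report order."""
    fams: dict[str, list[str]] = defaultdict(list)
    for func, _addr in hooks:
        fams[family(func)].append(func)
    return dict(fams)


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE)
    print(f"{len(hooks)} SSDT hooks in {len(pages(hooks))} distinct pages")
    for page, funcs in sorted(pages(hooks).items()):
        print(f"  {page:08X}: {', '.join(funcs)}")
    for fam, funcs in sorted(by_family(hooks).items()):
        print(f"  {fam:8}: {', '.join(funcs)}")
```

Two caveats a practitioner would want here. First, a bare address with no driver path is how GMER reports a hook target it could not map to a loaded module, so the hooks point into memory that is not a driver image; the script cannot tell whose memory that is. Second, do not try to resolve these addresses against the "Kernel Drivers" base list in the MBRCheck output further down the thread: that report was taken on a different boot (atikmdag.sys sits at 0xD4608000 in the GMER run and at 0xD9A2A000 in MBRCheck), so the kernel layout differs and any match would be coincidence. Whether the process, thread, memory and token hooks above are what the installed security product puts in place is a question for the helper, not something this script answers.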

Old 22.04.2011, 23:05   #9
fordpaule

This time the GMER scan took a whopping 6 hours. What's next?

Old 23.04.2011, 09:04   #10
M-K-D-B
/// TB trainer

Hello fordpaule,

here is how to proceed:



Step # 1: Custom scan with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
C:\Users\Jörg\AppData\Local\{A79DD301-D68D-44A0-849C-3F99D8ABC249} /S
C:\Users\Jörg\AppData\Local\{5BE996B2-BB92-4C88-B8F7-08A8975FD14B} /S
C:\Users\Jörg\AppData\Local\{629CCDF1-600E-46BF-8D9A-5C3ADA9CB301} /S
C:\Users\Jörg\AppData\Local\{86C6DA72-1B4C-406F-BB8F-CE5C60F374E7} /S
C:\Users\Jörg\AppData\Local\{49F0188F-BB00-453E-B349-82F1B504DB9C} /S
C:\Users\Jörg\AppData\Local\{47768BA3-7E0C-4179-9D35-1C3F64EC06A5} /S
C:\Users\Jörg\AppData\Local\{255A62BA-5B9F-417D-8DBF-74AB7C1A056D} /S
C:\Users\Jörg\AppData\Local\{307C039E-5942-4EFD-8F80-E920C6665DA3} /S
C:\Users\Jörg\AppData\Local\{5B6C1904-2120-4661-B562-7AECF6CA046E} /S
         
  • Now please close all programs. (Important)
  • Now click the None button and then the Scan button.
  • Copy the content of OTL.txt into your thread here.




Step # 2: Scan with MBRCheck
Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
  • Please post the content of that .txt document.




Step # 3: Run ComboFix
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. Normally you can do this with a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections around today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are prompted.
**For your information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.





Step # 4: Answer questions
Please answer the following questions for me:
  • How is your computer running at the moment? Are there any problems?




Step # 5: Your reply
For further analysis I need, together with your next reply,
  • the OTL logfile (OTL.txt),
  • the MBRCheck logfile,
  • the ComboFix logfile and
  • the answers to the questions asked.

Old 23.04.2011, 14:01   #11
fordpaule

OTL Logfile:
Code:
OTL logfile created on: 23.04.2011 14:56:27 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jörg\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 262,31 Gb Total Space | 193,66 Gb Free Space | 73,83% Space Free | Partition Type: NTFS
Drive D: | 203,45 Gb Total Space | 199,17 Gb Free Space | 97,90% Space Free | Partition Type: NTFS
 
Computer Name: JM | User Name: Jörg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< C:\Users\Jörg\AppData\Local\{A79DD301-D68D-44A0-849C-3F99D8ABC249} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{5BE996B2-BB92-4C88-B8F7-08A8975FD14B} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{629CCDF1-600E-46BF-8D9A-5C3ADA9CB301} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{86C6DA72-1B4C-406F-BB8F-CE5C60F374E7} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{49F0188F-BB00-453E-B349-82F1B504DB9C} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{47768BA3-7E0C-4179-9D35-1C3F64EC06A5} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{255A62BA-5B9F-417D-8DBF-74AB7C1A056D} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{307C039E-5942-4EFD-8F80-E920C6665DA3} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
< C:\Users\Jörg\AppData\Local\{5B6C1904-2120-4661-B562-7AECF6CA046E} /S >
[1 C:\Users\Jörg\AppData\Local\*.tmp files -> C:\Users\Jörg\AppData\Local\*.tmp -> ]
 
<           >

< End of report >
         
--- --- ---

Old 23.04.2011, 14:02   #12
fordpaule

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GQ539AA-ABD a6217.de
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 213):
0xE341F000 \SystemRoot\system32\ntkrnlpa.exe
0xE3831000 \SystemRoot\system32\halmacpi.dll
0xE0BCE000 \SystemRoot\system32\kdcom.dll
0xC9C34000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0xC9C3F000 \SystemRoot\system32\PSHED.dll
0xC9C50000 \SystemRoot\system32\BOOTVID.dll
0xC9C58000 \SystemRoot\system32\CLFS.SYS
0xC9C9A000 \SystemRoot\system32\CI.dll
0xC9D45000 \SystemRoot\system32\drivers\Wdf01000.sys
0xC9DB6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xC9E0E000 \SystemRoot\system32\drivers\ACPI.sys
0xC9E56000 \SystemRoot\system32\drivers\WMILIB.SYS
0xC9E5F000 \SystemRoot\system32\drivers\msisadrv.sys
0xC9E67000 \SystemRoot\system32\drivers\pci.sys
0xC9E91000 \SystemRoot\system32\drivers\vdrvroot.sys
0xC9E9C000 \SystemRoot\System32\drivers\partmgr.sys
0xC9EAD000 \SystemRoot\system32\drivers\volmgr.sys
0xC9EBD000 \SystemRoot\System32\drivers\volmgrx.sys
0xC9F08000 \SystemRoot\system32\drivers\pciide.sys
0xC9F0F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0xC9F1D000 \SystemRoot\System32\drivers\mountmgr.sys
0xC9F33000 \SystemRoot\system32\drivers\atapi.sys
0xC9F3C000 \SystemRoot\system32\drivers\ataport.SYS
0xC9F5F000 \SystemRoot\system32\drivers\nvstor.sys
0xC9F84000 \SystemRoot\system32\drivers\storport.sys
0xC9DC4000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0xC9FCC000 \SystemRoot\system32\drivers\amdxata.sys
0xC9C00000 \SystemRoot\system32\drivers\fltmgr.sys
0xCA02C000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMDS.SYS
0xCA083000 \SystemRoot\system32\drivers\fileinfo.sys
0xCA094000 \SystemRoot\system32\DRIVERS\Lbd.sys
0xCA0A3000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMEFA.SYS
0xCA22A000 \SystemRoot\System32\Drivers\Ntfs.sys
0xCA359000 \SystemRoot\System32\Drivers\msrpc.sys
0xCA384000 \SystemRoot\System32\Drivers\ksecdd.sys
0xCA397000 \SystemRoot\System32\Drivers\cng.sys
0xCA200000 \SystemRoot\System32\drivers\pcw.sys
0xCA20E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0xCA147000 \SystemRoot\system32\drivers\ndis.sys
0xCA40A000 \SystemRoot\system32\drivers\NETIO.SYS
0xCA448000 \SystemRoot\System32\Drivers\ksecpkg.sys
0xCA46D000 \SystemRoot\System32\drivers\tcpip.sys
0xCA5B7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0xCA612000 \SystemRoot\system32\drivers\volsnap.sys
0xCA651000 \SystemRoot\System32\Drivers\spldr.sys
0xCA659000 \SystemRoot\System32\drivers\rdyboost.sys
0xCA686000 \SystemRoot\System32\Drivers\mup.sys
0xCA696000 \SystemRoot\System32\drivers\hwpolicy.sys
0xCA69E000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0xCA6A3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0xCA6D5000 \SystemRoot\system32\DRIVERS\disk.sys
0xCA6E6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0xCA70B000 \SystemRoot\System32\Drivers\BtHidBus.sys
0xCA76E000 \SystemRoot\system32\drivers\cdrom.sys
0xD0618000 \SystemRoot\System32\Drivers\N360\0500000.07D\SRTSP.SYS
0xD069D000 \SystemRoot\system32\drivers\N360\0500000.07D\Ironx86.SYS
0xD06C1000 \SystemRoot\system32\drivers\N360\0500000.07D\SRTSPX.SYS
0xD06CC000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0xD278C000 \SystemRoot\System32\Drivers\Null.SYS
0xD2793000 \SystemRoot\System32\Drivers\Beep.SYS
0xD279A000 \SystemRoot\System32\drivers\vga.sys
0xD27A6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xD27C7000 \SystemRoot\System32\drivers\watchdog.sys
0xD27D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xD27DC000 \SystemRoot\system32\drivers\rdpencdd.sys
0xD27E4000 \SystemRoot\system32\drivers\rdprefmp.sys
0xD27EC000 \SystemRoot\System32\Drivers\Msfs.SYS
0xD2600000 \SystemRoot\System32\Drivers\Npfs.SYS
0xD260E000 \SystemRoot\system32\DRIVERS\tdx.sys
0xD06F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xD06FE000 \SystemRoot\system32\drivers\afd.sys
0xD0758000 \SystemRoot\System32\DRIVERS\netbt.sys
0xD27F7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0xD078A000 \SystemRoot\system32\DRIVERS\pacer.sys
0xD07A9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0xD07BA000 \SystemRoot\system32\DRIVERS\netbios.sys
0xD07C8000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xD07CE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xCA78D000 \SystemRoot\System32\Drivers\Uim_IM.sys
0xD8606000 \SystemRoot\System32\Drivers\UimFIO.SYS
0xD863E000 \SystemRoot\system32\DRIVERS\UimBus.sys
0xD8646000 \SystemRoot\system32\drivers\termdd.sys
0xD8657000 \SystemRoot\system32\drivers\N360\0500000.07D\SYMNETS.SYS
0xD86A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xD86E7000 \SystemRoot\system32\drivers\nsiproxy.sys
0xD86F1000 \SystemRoot\system32\drivers\mssmbios.sys
0xD86FB000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110421.001\IDSvix86.sys
0xD8756000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xD87B4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xD87D1000 \SystemRoot\System32\drivers\discache.sys
0xD87DD000 \SystemRoot\System32\Drivers\dfsc.sys
0xD07E1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0xD9237000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys
0xD92FF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0xD9320000 \SystemRoot\system32\DRIVERS\amdk8.sys
0xD9332000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xD933C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xD9387000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xD9396000 \SystemRoot\system32\drivers\1394ohci.sys
0xD93C3000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xD93D2000 \SystemRoot\system32\drivers\HDAudBus.sys
0xD981B000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
0xD9863000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xD9869000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0xD9A2A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0xD98A8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0xD995F000 \SystemRoot\System32\drivers\dxgmms1.sys
0xDA1D6000 \SystemRoot\system32\drivers\CompositeBus.sys
0xDA1E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0xD9A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xD9A18000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xD9998000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xD99BA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xD99D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xD99E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0xD9800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xD980D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xD9A23000 \SystemRoot\system32\drivers\swenum.sys
0xD9200000 \SystemRoot\system32\drivers\ks.sys
0xD07EF000 \SystemRoot\system32\DRIVERS\amdiox86.sys
0xD93F1000 \SystemRoot\system32\drivers\umbus.sys
0xD0600000 \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
0xDA622000 \SystemRoot\system32\drivers\usbhub.sys
0xDA666000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xDAE1B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0xDB168000 \SystemRoot\system32\drivers\portcls.sys
0xDB197000 \SystemRoot\system32\drivers\drmk.sys
0xDB1B0000 \SystemRoot\system32\drivers\RtHDMIV.sys
0xDB1EF000 \SystemRoot\System32\Drivers\crashdmp.sys
0xDAE00000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xDA677000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0xDAE0A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0xE4EA0000 \SystemRoot\System32\win32k.sys
0xDA6AE000 \SystemRoot\System32\drivers\Dxapi.sys
0xDA6B8000 \SystemRoot\system32\DRIVERS\PFC027.SYS
0xDA74F000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xDB1FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xDA75D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xDA774000 \SystemRoot\system32\DRIVERS\dc3d.sys
0xDA77E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xDA785000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xDA790000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xDA7A3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xDA7AF000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xDA7B3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xDA7BE000 \SystemRoot\system32\DRIVERS\point32.sys
0xDA7C7000 \SystemRoot\System32\Drivers\RtsUStor.sys
0xDA600000 \SystemRoot\system32\DRIVERS\monitor.sys
0xE5100000 \SystemRoot\System32\TSDDD.dll
0xE5130000 \SystemRoot\System32\cdd.dll
0xE5150000 \SystemRoot\System32\ATMFD.DLL
0xCA7E5000 \SystemRoot\system32\drivers\luafv.sys
0xCA70F000 \SystemRoot\system32\drivers\WudfPf.sys
0xDA60B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xCA729000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xE7808000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xE784E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xE785E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xE7871000 \SystemRoot\system32\drivers\HTTP.sys
0xE78F6000 \SystemRoot\system32\DRIVERS\bowser.sys
0xE790F000 \SystemRoot\System32\drivers\mpsdrv.sys
0xE7921000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xE7944000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xE797F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xE8E2C000 \SystemRoot\system32\drivers\peauth.sys
0xE8EC3000 \SystemRoot\System32\Drivers\secdrv.SYS
0xE8ECD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xE8EEE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xE8EFB000 \SystemRoot\System32\DRIVERS\srv2.sys
0xE8F4B000 \SystemRoot\System32\DRIVERS\srv.sys
0xE8F9D000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0xC648E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xC6497000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110422.036\NAVEX15.SYS
0xC65EA000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110422.036\NAVENG.SYS
0x76EF0000 \Windows\System32\ntdll.dll
0x47E00000 \Windows\System32\smss.exe
0x77130000 \Windows\System32\apisetschema.dll
0x00620000 \Windows\System32\autochk.exe
0x77110000 \Windows\System32\lpk.dll
0x76D30000 \Windows\System32\iertutil.dll
0x77080000 \Windows\System32\clbcatq.dll
0x77030000 \Windows\System32\gdi32.dll
0x76D20000 \Windows\System32\nsi.dll
0x76BC0000 \Windows\System32\ole32.dll
0x76B60000 \Windows\System32\shlwapi.dll
0x76AC0000 \Windows\System32\usp10.dll
0x769E0000 \Windows\System32\kernel32.dll
0x76910000 \Windows\System32\msctf.dll
0x768B0000 \Windows\System32\difxapi.dll
0x76890000 \Windows\System32\imm32.dll
0x75C40000 \Windows\System32\shell32.dll
0x75B70000 \Windows\System32\user32.dll
0x75B50000 \Windows\System32\sechost.dll
0x75B10000 \Windows\System32\ws2_32.dll
0x75970000 \Windows\System32\setupapi.dll
0x758C0000 \Windows\System32\msvcrt.dll
0x758B0000 \Windows\System32\psapi.dll
0x75830000 \Windows\System32\comdlg32.dll
0x75710000 \Windows\System32\wininet.dll
0x75670000 \Windows\System32\advapi32.dll
0x75640000 \Windows\System32\imagehlp.dll
0x755F0000 \Windows\System32\Wldap32.dll
0x75540000 \Windows\System32\rpcrt4.dll
0x75430000 \Windows\System32\urlmon.dll
0x75420000 \Windows\System32\normaliz.dll
0x75390000 \Windows\System32\oleaut32.dll
0x75360000 \Windows\System32\cfgmgr32.dll
0x75310000 \Windows\System32\KernelBase.dll
0x752E0000 \Windows\System32\wintrust.dll
0x752C0000 \Windows\System32\devobj.dll
0x751A0000 \Windows\System32\crypt32.dll
0x75110000 \Windows\System32\comctl32.dll
0x75100000 \Windows\System32\msasn1.dll

Processes (total 60):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
440 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\services.exe
644 C:\Windows\System32\winlogon.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\atiesrxx.exe
988 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\atieclxx.exe
1320 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\spoolsv.exe
1700 C:\ProgramData\DatacardService\DCService.exe
1732 C:\Windows\System32\svchost.exe
1768 C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
1812 C:\Windows\System32\svchost.exe
1844 C:\Windows\System32\svchost.exe
1876 C:\Windows\System32\PnkBstrA.exe
1928 C:\Program Files\Secunia\PSI\psia.exe
344 C:\Windows\System32\svchost.exe
848 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
1340 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2120 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2224 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2612 C:\Windows\System32\svchost.exe
2848 C:\Windows\System32\svchost.exe
3148 C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
3204 C:\Windows\System32\taskhost.exe
3236 C:\Windows\System32\dwm.exe
3292 C:\Windows\explorer.exe
3384 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
3460 C:\ProgramData\DatacardService\DCSHelper.exe
3776 C:\Windows\PixArt\PAC207\Monitor.exe
3784 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3796 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3808 C:\Program Files\Windows Sidebar\sidebar.exe
3816 C:\Program Files\Secunia\PSI\psi_tray.exe
3888 C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
4012 C:\Program Files\Secunia\PSI\sua.exe
2924 C:\Windows\System32\svchost.exe
3372 C:\Program Files\Windows Media Player\wmpnetwk.exe
1656 C:\Windows\System32\svchost.exe
4576 dllhost.exe
5636 C:\Windows\System32\svchost.exe
112 C:\Users\Jörg\Desktop\OTL.exe
4716 C:\Windows\System32\notepad.exe
5796 C:\Program Files\Mozilla Firefox\firefox.exe
2380 C:\Windows\System32\taskeng.exe
5508 C:\Users\Jörg\Downloads\MBRCheck.exe
4304 C:\Windows\System32\conhost.exe
2904 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000041`93e00000 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.CH

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

23.04.2011, 15:57   #13
fordpaule

The computer is running completely normally.

I have now run ComboFix twice, but it hangs completely every time. Nothing on the computer responds any more and I have to do a cold start (reset). All spyware and antivirus programs were switched off.

23.04.2011, 16:47   #14
M-K-D-B
/// TB-Ausbilder

Hello fordpaule,

Step # 1: Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2011.04.21 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{A79DD301-D68D-44A0-849C-3F99D8ABC249}
[2011.04.19 00:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{5BE996B2-BB92-4C88-B8F7-08A8975FD14B}
[2011.04.15 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{629CCDF1-600E-46BF-8D9A-5C3ADA9CB301}
[2011.04.12 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{86C6DA72-1B4C-406F-BB8F-CE5C60F374E7}
[2011.04.06 22:15:48 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{49F0188F-BB00-453E-B349-82F1B504DB9C}
[2011.04.05 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{47768BA3-7E0C-4179-9D35-1C3F64EC06A5}
[2011.04.04 22:46:59 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{255A62BA-5B9F-417D-8DBF-74AB7C1A056D}
[2011.03.27 20:23:15 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{307C039E-5942-4EFD-8F80-E920C6665DA3}
[2011.03.26 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\{5B6C1904-2120-4661-B562-7AECF6CA046E}

:Commands
[emptytemp]
         
  • Now please close all programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.

Step # 2: Answer questions
Please answer the following questions for me:
  • Does your computer freeze right when ComboFix starts, or only later at a particular point?
  • Does an error message appear?
  • Please check whether a log file was created under C:\. If so, post it.

Step # 3: ESET Online Scanner
Please switch on any external hard drives you may have during the online scan! Please disable all background guards (antivirus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Disable your antivirus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box "Scan archives".
  • Make sure that Remove Found Threats is NOT ticked.
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.

Step # 4: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry select Use Safe List and click the Scan button.
  • Post OTL.txt and Extras.txt here in your thread.

Step # 5: Running a security check
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
  • Please post its content here.

Step # 6: Your feedback
For further analysis I need, together with your next reply:
  • the log file of the OTL fix,
  • the answers to the questions asked,
  • the log file of the ESET Online Scanner,
  • the two OTL log files (OTL.txt and Extras.txt) and
  • the log file of SecurityCheck.
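
The OTL fix above deletes toolbar entries whose CLSID no longer resolves (the O3 lines, "No CLSID value found") and a Run entry with an empty name whose target does not exist (the O4 line, "File not found"). The following PowerShell script is an added example, not part of this thread and not OTL's own code, that performs the same two checks read-only so a helper can see what such a fix would touch before running it. It assumes the standard locations that OTL's fix log itself shows: the per-user toolbar list under HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser, CLSID registrations under SOFTWARE\Classes\CLSID, and the HKLM/HKCU Run keys; the function names are my own.

```powershell
# Added example (not from the thread or from OTL): read-only audit that reproduces
# two of the checks the OTL fix acts on.
#   O3 - HKCU toolbar values (GUID names) whose CLSID is registered nowhere
#   O4 - Run entries with an empty name, an empty command, or a missing target file
# Nothing is deleted; results are emitted as objects for review.

function Get-OrphanedToolbarEntries {
    # Per-user IE toolbar list; each value name is a CLSID that should resolve
    $toolbarKey = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    if (-not (Test-Path $toolbarKey)) { return @() }
    $item = Get-Item $toolbarKey
    foreach ($name in $item.GetValueNames()) {
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }   # only GUID-named values
        $clsidPaths = @(
            "HKLM:\SOFTWARE\Classes\CLSID\$name",
            "HKCU:\Software\Classes\CLSID\$name"
        )
        $resolved = $clsidPaths | Where-Object { Test-Path $_ }
        if (-not $resolved) {
            [pscustomobject]@{ Check = 'O3'; Key = $toolbarKey; Value = $name; Finding = 'No CLSID value found' }
        }
    }
}

function Get-SuspiciousRunEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        # GetValueNames() includes "" for the (Default) value, which is exactly the
        # nameless O4 entry OTL reported as HKLM..\Run: [] and deleted as Run\\
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Take the executable path: quoted form first, otherwise the first token.
            # (An unquoted path containing spaces is a known limitation of this simple split.)
            $exe = if ($data -match '^"([^"]+)"') { $Matches[1] } else { ($data -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $finding = $null
            if ([string]::IsNullOrWhiteSpace($name)) { $finding = 'Empty value name' }
            elseif ([string]::IsNullOrWhiteSpace($exe)) { $finding = 'Empty command' }
            elseif (-not (Test-Path -LiteralPath $exe)) { $finding = 'File not found' }
            if ($finding) {
                [pscustomobject]@{ Check = 'O4'; Key = $key; Value = $name; Data = $data; Finding = $finding }
            }
        }
    }
}

Get-OrphanedToolbarEntries | Format-Table -AutoSize
Get-SuspiciousRunEntries   | Format-Table -AutoSize
```

Run it in an elevated PowerShell on the machine being examined; on a 64-bit system the HKLM Run key seen by a 32-bit shell is the WOW6432Node view, so use the 64-bit shell for a complete picture. An orphaned O3 entry is usually a leftover of an uninstalled add-on rather than live malware, which is why OTL only deletes the dangling pointer; the interesting cases are Run entries that point at files in user-writable locations or that no longer exist.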

24.04.2011, 00:44   #15
fordpaule

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Jörg\AppData\Local\{A79DD301-D68D-44A0-849C-3F99D8ABC249} folder moved successfully.
C:\Users\Jörg\AppData\Local\{5BE996B2-BB92-4C88-B8F7-08A8975FD14B} folder moved successfully.
C:\Users\Jörg\AppData\Local\{629CCDF1-600E-46BF-8D9A-5C3ADA9CB301} folder moved successfully.
C:\Users\Jörg\AppData\Local\{86C6DA72-1B4C-406F-BB8F-CE5C60F374E7} folder moved successfully.
C:\Users\Jörg\AppData\Local\{49F0188F-BB00-453E-B349-82F1B504DB9C} folder moved successfully.
C:\Users\Jörg\AppData\Local\{47768BA3-7E0C-4179-9D35-1C3F64EC06A5} folder moved successfully.
C:\Users\Jörg\AppData\Local\{255A62BA-5B9F-417D-8DBF-74AB7C1A056D} folder moved successfully.
C:\Users\Jörg\AppData\Local\{307C039E-5942-4EFD-8F80-E920C6665DA3} folder moved successfully.
C:\Users\Jörg\AppData\Local\{5B6C1904-2120-4661-B562-7AECF6CA046E} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jörg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2805257 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45626513 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 615 bytes

User: J￶rg

User: Public

User: RG´SPC

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51526 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04242011_013730

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
