Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan.BHO und anderes lustiges Zeugs

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.11.2011, 09:28   #1
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Hallo,


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8226
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
23.11.2011 20:50:58
mbam-log-2011-11-23 (20-50-58).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 188258
Laufzeit: 6 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{647D5A4E-78B5-53ED-7E75-1940D1DFFEA4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2C86C605-6081-D104-96F7-F765C20B22F1} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PornPro_BHO.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PornPro_BHO (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{913E9215-EB81-7E43-76E6-FC26E50E264C} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.BrowserWatcher.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.BrowserWatcher (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AF56FD81-28A2-0159-4922-1211155898A9} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PrecacheBrowserHost.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingAdsHelper.PrecacheBrowserHost (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ShoppingAdsHelper.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingAdsHelper (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Foxicle (Adware.Foxicle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\program files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
c:\Users\Karin\AppData\Roaming\microsoft\Windows\start menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\program files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
         
Weitere Log-Dateien gibt es nicht.



OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 24.11.2011 12:12:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,96% Memory free
6,21 Gb Paging File | 5,14 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 208,14 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32
 
Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.24 12:08:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Downloads\OTL.exe
PRC - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.11.15 08:55:50 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 21:21:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.28 18:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.01.30 17:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.19 17:04:22 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.11 12:12:43 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.07.03 12:43:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 12:43:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.23 11:58:14 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.14 12:39:02 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/06 17:11:17] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.08.28 18:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/16 10:19:34] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.02 10:52:50 | 000,175,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2008.09.29 21:29:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005.08.30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8A2319-425F-4F6A-83ED-D7DE6F1A8B21}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BEFE19-EB18-4821-80AB-0FD89C738699}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADDC20C-0D3A-443F-A3EA-5238F9D39D69}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.23 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Systweak
[2011.11.23 22:35:54 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011.11.23 20:30:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes
[2011.11.23 20:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.23 20:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.23 20:30:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.23 20:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.20 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Paybackcoupons
[2011.11.20 19:20:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\Payback
[2011.11.20 19:18:31 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Betriebsrat
[2011.11.20 18:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.20 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0
[2011.11.20 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.11.20 17:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2011.11.20 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz
[2011.11.20 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.11.19 19:11:00 | 000,000,000 | R--D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.11.19 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.19 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.19 18:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.19 18:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.19 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.19 17:04:28 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.11.19 17:04:28 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.16 12:37:22 | 000,000,000 | ---D | C] -- C:\MQAReport_q
[2011.11.16 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2011.10.28 15:59:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 12:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
[2011.11.24 11:15:05 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.24 11:14:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 11:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 11:14:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.24 11:14:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 23:21:42 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.23 23:07:33 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2011.11.23 22:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Karin\defogger_reenable
[2011.11.23 20:30:24 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 10:29:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.22 10:29:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.22 10:29:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.22 10:29:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.21 18:15:18 | 000,472,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.20 18:08:16 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 17:22:39 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.11.19 19:06:52 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.19 18:46:55 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.19 17:51:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 17:51:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 17:04:22 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.19 17:04:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011.11.19 16:58:24 | 000,000,105 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\default.pls
[2011.11.19 16:47:31 | 000,006,144 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.15 08:56:22 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.15 08:53:02 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.23 23:02:04 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011.11.23 22:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Karin\defogger_reenable
[2011.11.23 20:30:24 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.20 18:08:16 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 17:22:39 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.11.19 19:06:52 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.19 18:46:55 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.13 09:43:30 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll
[2011.06.28 13:11:23 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.04.03 14:16:46 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{EFFCF240-71E7-4A74-AD20-14C1C3836F69}.dat
[2011.03.11 17:28:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.07.10 17:46:35 | 000,006,144 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.24 18:29:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.24 18:29:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.13 20:52:54 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2009.03.13 21:51:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.02.22 11:29:41 | 000,000,105 | ---- | C] () -- C:\Users\Karin\AppData\Roaming\default.pls
[2009.02.13 16:44:57 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.02.07 15:07:19 | 000,004,607 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2009.02.07 13:45:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.06 14:30:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.02.06 14:29:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.01 18:13:24 | 000,007,592 | ---- | C] () -- C:\Users\Karin\AppData\Local\d3d9caps.dat
[2009.01.25 14:31:47 | 000,000,511 | ---- | C] () -- C:\Windows\wiso.ini
[2009.01.24 18:12:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.09 20:13:56 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.12.09 20:13:56 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.12.09 20:13:56 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.12.09 20:13:56 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.12.09 13:05:06 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.12.09 12:53:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.12.09 12:53:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE3.sys
[2008.12.09 12:53:30 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2008.12.09 12:53:30 | 000,294,016 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2008.12.09 12:53:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE.sys
[2008.12.09 11:25:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.12.10 08:00:00 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,472,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM
[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service
[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard
[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft
[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular
[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0
[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite
[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML
[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia
[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite
[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH
[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung
[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein
[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak
[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit
[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software
[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone
[2011.11.24 09:42:19 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.24 12:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
 
========== Purity Check ==========
         
Code:
ATTFilter
OTL Extras logfile created on: 24.11.2011 12:12:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,96% Memory free
6,21 Gb Paging File | 5,14 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 208,14 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32
 
Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A069D7-066B-450A-AEAA-C981280A53C9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{05D6220F-DF41-4432-8C37-B82E101EAAF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{09912E9B-52A0-431A-973A-6D3F92F21580}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B0E0601-3D0B-4F4C-A983-3E96D804BB31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A2991F1-9F1C-4A7D-9F17-3B80607EE529}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A30A740-EEA1-441E-90BE-8BEFBC485BF7}" = lport=5357 | protocol=6 | dir=in | app=system |
"{225871D0-086A-47F1-8517-5ECF48921AD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{237DE376-D79E-4E98-8A27-9DDB71DDA9C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{23BAE9EA-1B55-4917-9A80-8CBEC6BA8842}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{266D28D2-C6B2-414F-B96B-CDF67C78A5F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{342DEE81-0657-44FC-9505-AC2ABC5E0EE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{361B293E-F7E7-41AF-8D32-671DCB96307B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{368EDBE8-60D8-4349-81BB-A048347E85F4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3887C2C1-8D4C-4523-B532-8E0F46EF6922}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{390CDCB1-3F56-4B00-8038-99B85DE87B7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AB0E24B-10D9-4713-80AC-E4800CEDCCB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3F8F56F5-95E2-4AAA-96A9-8DB70FFC3F60}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45A47686-3453-4DEC-A447-FCE1F3488FAF}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4642C7E0-75B4-4943-A975-63F85AB19144}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49116ED8-380B-458F-A41B-12009CDB7339}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{498648D4-DA1F-4EB8-B84E-0E74EACEC119}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{499FD273-4025-454C-84B4-7C38243F45CA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4AD1ABA8-75A5-4302-B31A-6200A52F8036}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4C8B705A-7886-4FC0-813B-36905212159F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56113B4E-EB3B-4723-983D-1D0AEB3A6862}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5D560D5F-E4A4-407B-B421-9939F7AFB27C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{60B0686F-AB23-4D6E-BD92-A43AB3BC34B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{613700A5-3529-4924-82B4-DA4E28F87F5B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{6270E95A-F0D9-4596-94E5-CD262C02B572}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6452F075-9E19-462B-AA3B-0C8D2BA06447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6936C1B3-AB4C-471E-8988-324397777EF3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C2E790C-67DD-4F4E-853B-D69F7DAAC178}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{6FBC1412-4495-4F14-80D9-7A42B54E0ADE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{73502BD1-5CD2-4BE0-9D23-7C1F143B3983}" = lport=40823 | protocol=17 | dir=in | name=emule |
"{7685F925-44BA-4E81-83B6-B1B21264C8E0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7940E762-55C3-47EE-8051-02FF0EBCD5D2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{79F3C6AF-98AB-4016-BB6F-752810B23783}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D4F780C-F402-4E53-8E9F-2FB9175FA8D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83F8B635-C6B5-410B-9FE1-98BEACAE8AC5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{92E3A5B1-BF5D-483F-BAC6-3CA42EBC85B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{974A9343-8838-4A80-A5B5-3D5B9205861D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9A6C2CE9-9DDE-4FBA-8078-CF7D5FEEA741}" = rport=5358 | protocol=6 | dir=out | app=system |
"{9DEEFCAB-CEBC-464D-B67D-EF721472DD08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F394D8B-29D6-4316-A2C8-2E37B3097513}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F5BE16E-FEEF-4D89-962B-D9287946D786}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A2C7CD6B-1BEC-4B9A-82EC-5568F787F0FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3AB2A0A-09BB-4150-9123-0C8D3D47D656}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{B134D277-D3D3-4274-8F53-E6848F69B0C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B563FE0E-7D0F-4187-A249-BBBCE12CEACC}" = rport=5357 | protocol=6 | dir=out | app=system |
"{BAD5D785-F0F5-4A80-9AF7-0BEFC3968557}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{C0F00A23-0138-4D4A-B7CE-292022DD1B86}" = rport=445 | protocol=6 | dir=out | app=system |
"{C222B250-E58D-44C3-91AA-0DF5FD900A11}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C32EF195-4DD9-4C68-AB1E-B12E6426CE41}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CAC25B60-3FF5-4898-A4C4-1515F97312ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF18FAD4-CA96-4D10-8EF8-15B0D55E44ED}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF3E0DE7-550A-4370-B98B-5E8816FD1203}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D095823F-6398-4862-9581-3E0BBCBFA742}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4008930-367A-4FA1-B559-3659E79B7AFE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE4E1E09-DB42-4F21-ADEF-F171423396E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2511168-59EF-4944-B3D2-F626489B3A1E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E8BD188B-37F8-453F-8319-C42F4B802E28}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EB2C1C73-7721-4745-B698-96FA59065756}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF1E5717-A446-4292-97BF-0D38CA0EBF96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F637582C-D047-4AE9-A5FF-C07FCF414AA6}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB599224-CDD2-47DF-8376-BF062F785EF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FC5F5518-258E-4039-B5D6-3AFB07AF5687}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013EC4CF-8B13-4611-BCA7-99F7CE4A07BD}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{022D32B1-58AB-405D-841D-0A68050F3B19}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{030F62AF-DE53-42C3-8F70-B95A9422959E}" = protocol=6 | dir=in | app=e:\fsetup.exe |
"{094AC69B-0D83-41F9-8797-93F4930B212C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CFD38CB-72AF-4991-A66A-CC50C805EA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{179C71A3-F798-477D-83CF-CD4340F0FC33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{185C0F07-485F-4D8A-8401-B06DB1D34CD3}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{18CEB5B7-8580-4D8F-BEFF-22B832A63C86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C81244F-1B53-48D4-9A38-A1F3F5E1EBDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DDA5972-DBB8-47FA-A8FC-C6092A0EA20B}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{2F7A52B8-53B0-45AE-935E-64EF5A32B5F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2FF42EC3-2C21-4374-8C40-F89C8E07B24F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{3020A3E7-22E7-40B2-8FF5-8A98D2C392A9}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{30645E84-E0DF-4B13-BAD3-3F170A7E7AD1}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{46FBC8DD-4F9E-4822-A7C3-3D7C39CC7405}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{47203123-CC5E-4065-9537-51D442014BB5}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{472D50AE-6907-4C84-A76F-18AD9C532504}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{4A1EE710-742E-4502-9B65-B3493D95551D}" = protocol=17 | dir=in | app=e:\fsetup.exe |
"{4CEFC5D9-4E41-4803-836B-5902F8CE315A}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{4DF030EE-E4F2-4C57-BFF4-89725126CD4C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4FA8C39D-407F-4280-928C-3C2CEDBB7400}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{4FC9228F-BFFF-461D-AAD4-23445DA39B0E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4FFCECB3-3AB1-41E5-8167-3818E7E31FB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50CA6E84-A250-42CE-A57E-F217CBDEA33D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{513157A3-5FB3-4157-B4D8-2B627D801AFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5265AE0E-BB76-4081-904F-C5CEBB72DF6C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{53B00529-AB4A-4183-9C76-8B3988485EC6}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{555FDF37-FD79-489E-9886-BFEC22D95E6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E1804C6-697E-4383-BCA3-2FA1D08AF47D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{64671DAC-C4C8-42BA-859A-AC02D6BFEBDF}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{648A1F8D-7861-4720-9736-2FF50F217962}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{64A3ED39-E9B5-494D-8E83-4D48FF2E6B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{64D21B49-C735-43A8-8279-72A013863D8E}" = protocol=6 | dir=out | app=system |
"{6A408D44-BF7C-4C59-87EE-D41B3FA1CE14}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{6A535726-DDAB-4EA0-82AA-8E2F6AAF2506}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{6C73A5E9-ECDC-4CB3-9DB3-3EBC3E187ABA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6C7A094F-A4CE-4DE1-94EC-4ECDD35EA9C0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D0BCED8-5F8D-4855-911E-C26EAEDF8C04}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{7B7708E5-1590-4449-B26F-48091A839A90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D605499-89B5-4BB0-8770-25EBDAE97EFF}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{7ECFC43D-5708-4DBC-8786-9C6FD3352B59}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{7FE1C699-EB9D-485E-B769-CE8BBF42A30B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8218C9FF-4759-462B-B010-5A48AA4B814E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8A73B466-F320-4F79-852F-B0DFF70BB197}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8FCB56A4-6561-4D30-88AB-A5BFA73D34FB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{90D7E835-1FB4-46FD-ADC2-025748278C28}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9634A17C-F4B1-454A-9D9F-BFB5B5832B0D}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{9C4FAD13-5F4D-4E4B-B8F9-F4EA747C68C9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A0A99AC6-C721-40CC-93B9-DEB61A8059FB}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{A4D0D82F-5F92-45AA-85FE-67C0F72FD046}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A71D3663-4321-4AC8-B949-22071ADBFDD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB9CD28F-AFD6-4F22-B9F7-EEFEF266E50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{ABF9C6C5-C704-4455-BA46-D577C9617859}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC516A57-1616-4257-AD24-322D7FD19C3B}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{B92C7C80-DE76-472D-B6E7-EF2F53705ACD}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{D20599EA-33A0-4C93-968C-5198E8C3B8AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D3F3DB90-B75E-4968-859E-60B8BE6629AC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DFCCD596-4399-474F-A14B-DE2958B8B2D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E8857001-1203-4CC4-B1DF-FF08D38D6654}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{EFB8A413-2964-4E22-AEC9-9FBB2455F0D1}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{F08B226B-5158-4F9E-BFBD-F46C1B15B9F6}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{F1A75584-0B5B-4691-8142-7723B8C61BA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3971018-CA8B-4910-AD95-01C10C437089}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F825E5AA-B8D0-4767-989F-F0C4FFA066E2}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{F8949F23-B9D7-4AFF-80CC-4616F61B0723}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{FFB73710-1F8D-40BA-AFF0-97899441B17A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0BB6F299-3947-4935-8614-1831C905E257}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{0F6F69CC-2EA7-4BC4-817A-2F55867C6567}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4C08EC06-46DF-4F51-B530-F298CED90029}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{8D0675FA-2716-4478-B9E1-3A33C60992F9}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |
"TCP Query User{A1D3AAED-8815-4F33-AFEE-A950B9BE2BF3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{B06AB857-A266-4C63-B933-5F639E77B59C}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"TCP Query User{B1EAD652-4820-4F6A-B55F-E7883B241CAF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{BEBFCC43-6434-4A82-993F-78BB44F7D4E7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{C6F4AD5F-25CF-4032-B1D6-8F17C04B0197}C:\program files\simplecenter\home media server.exe" = protocol=6 | dir=in | app=c:\program files\simplecenter\home media server.exe |
"TCP Query User{E1ABF2EC-AC64-49BD-A65D-1361B451EB74}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |
"TCP Query User{ED421BFC-D552-461A-9700-A0FB35C7E498}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{13F9ED1F-105D-45E5-902C-87F18B5A84D3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{17A96713-461A-4027-AB0A-57CEBD5EADF9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{1EFEAC83-0121-4A96-B8C3-3A6CBD26DB92}C:\program files\simplecenter\home media server.exe" = protocol=17 | dir=in | app=c:\program files\simplecenter\home media server.exe |
"UDP Query User{3C704716-B88B-4494-A398-2BAF7EC301AD}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |
"UDP Query User{5C3A9EA5-F63C-481D-9F9F-9D651BD9DC1D}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |
"UDP Query User{7856796D-44B2-4895-9C05-84DA2501A4E0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{79D06EAE-C69F-4722-B7CC-202EAA8F4668}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |
"UDP Query User{8006DEE8-6E59-4104-B221-DC671E1A1521}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CC17D4FE-A7C6-48FF-9CAC-2C834868289E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D1C98D10-B868-4C8B-883B-C04BB13EF8A1}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"UDP Query User{E50A7AEC-E263-4AAA-B9E8-DE3710BC1131}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{013EFF7A-3F00-485B-9194-DD677C9EAFD5}" = StarMoney 7.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys Logic PC Camera Device
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83C68799-9E25-498C-B20F-F0FEE2AF3ACC}" = Sparwelt.de Gutschein Alarm
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = CyberLink MakeDisc
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BFGC" = Big Fish Games Client
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"bwin Casino" = bwin Casino
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"Google Chrome" = Google Chrome
"Home Media Server 4.2.0.32" = Home Media Server 4.2.0.32
"HP OrderReminder" = HP OrderReminder
"hp print screen utility" = hp print screen utility
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit Radio.fx Server" = Radio.fx
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2011 18:09:20 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.11.2011 18:22:04 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 04:26:09 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.11.2011 04:26:12 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 04:26:12 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 06:15:21 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.11.2011 06:15:29 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.11.2011 06:15:29 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 22.11.2011 16:19:25 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 05:35:47 | Computer Name = 24-01-09-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen
 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 23.11.2011 05:36:27 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 15:56:14 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 17:12:14 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 18:08:39 | Computer Name = 24-01-09-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen
 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 23.11.2011 18:09:15 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.11.2011 04:26:10 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.11.2011 06:15:21 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
         
--- --- ---

--- --- ---



GMER stürzt immer ab...

Liebe Grüße

Alt 25.11.2011, 11:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 02.12.2011, 18:49   #3
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Code:
ATTFilter
www.malwarebytes.orgDatenbank Version: 8267Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.1642129.11.2011 09:58:46
mbam-log-2011-11-29 (09-58-46).txtArt des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 186449
Laufzeit: 5 Minute(n), 9 Sekunde(n)Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.orgDatenbank Version: 8267Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.1642129.11.2011 22:40:58
mbam-log-2011-11-29 (22-40-58).txtArt des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 390835
Laufzeit: 1 Stunde(n), 23 Minute(n), 12 Sekunde(n)Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
www.malwarebytes.orgDatenbank Version: 8287Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.1642101.12.2011 23:32:51
mbam-log-2011-12-01 (23-32-51).txtArt des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 392641
Laufzeit: 1 Stunde(n), 25 Minute(n), 55 Sekunde(n)Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9af897a11f947946a6656fedbd5800b9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-01 08:54:16
# local_time=2011-12-01 09:54:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 369533 97660538 371725 0
# compatibility_mode=5892 16776573 100 100 7477 160296702 0 0
# compatibility_mode=8192 67108863 100 0 209509 209509 0 0
# scanned=217230
# found=1
# cleaned=0
# scan_time=8881
C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
         
__________________

Alt 02.12.2011, 20:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.12.2011, 18:38   #5
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.12.2011 18:05:33 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,04% Memory free
6,21 Gb Paging File | 4,86 Gb Available in Paging File | 78,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 195,33 Gb Free Space | 70,12% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32
 
Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.04 18:02:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe
PRC - [2011.11.29 10:50:03 | 010,826,624 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.29 10:50:03 | 002,669,952 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2011.11.29 10:33:26 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.11.19 17:57:17 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.11.15 08:55:50 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.11.02 21:21:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.28 18:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.01.30 17:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.19 17:04:22 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.11 12:12:43 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.07.03 12:43:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 12:43:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.23 11:58:14 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.14 12:39:02 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/06 17:11:17] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.08.28 18:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/16 10:19:34] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.02 10:52:50 | 000,175,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2008.09.29 21:29:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005.08.30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.01 19:05:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2011.12.01 19:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Extensions
[2011.12.01 19:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8A2319-425F-4F6A-83ED-D7DE6F1A8B21}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BEFE19-EB18-4821-80AB-0FD89C738699}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADDC20C-0D3A-443F-A3EA-5238F9D39D69}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{b4db1911-e061-4cc6-aab1-6fe12ea65eac} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 18:02:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe
[2011.12.01 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\FreePDF
[2011.12.01 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\FreePDF_XP
[2011.12.01 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP
[2011.12.01 21:10:59 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\FreePDF
[2011.12.01 21:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF
[2011.12.01 21:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.12.01 21:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011.12.01 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Mozilla
[2011.12.01 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Mozilla
[2011.12.01 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.12.01 18:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.11.29 10:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.29 09:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.29 09:50:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.29 09:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.24 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Scan OTL
[2011.11.23 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Systweak
[2011.11.23 22:35:54 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011.11.23 20:30:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes
[2011.11.23 20:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.20 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Paybackcoupons
[2011.11.20 19:20:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\Payback
[2011.11.20 19:18:31 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Betriebsrat
[2011.11.20 18:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.20 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0
[2011.11.20 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0
[2011.11.20 17:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2011.11.20 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz
[2011.11.20 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0
[2011.11.19 19:11:00 | 000,000,000 | R--D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.11.19 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.19 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.19 18:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.19 18:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.19 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.19 17:04:28 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.11.19 17:04:28 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.16 12:37:22 | 000,000,000 | ---D | C] -- C:\MQAReport_q
[2011.11.16 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 18:11:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
[2011.12.04 18:02:50 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.04 18:02:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe
[2011.12.04 17:41:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:41:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 09:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 09:41:35 | 3217,522,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.03 11:07:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.03 11:07:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.03 11:07:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.03 11:07:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.01 19:05:32 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.01 18:34:11 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011.11.29 09:50:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 09:36:02 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.24 23:31:17 | 000,302,592 | ---- | M] () -- C:\Users\Karin\Desktop\riq4bjrr.exe
[2011.11.24 23:21:54 | 000,000,928 | ---- | M] () -- C:\Users\Karin\Documents\Malwarebytes' Anti-Malware.lnk
[2011.11.23 23:07:33 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2011.11.23 22:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Karin\defogger_reenable
[2011.11.21 18:15:18 | 000,472,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.20 18:08:16 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 17:22:39 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.11.19 19:06:52 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.19 18:46:55 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.19 17:51:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 17:51:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 17:04:22 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.19 17:04:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011.11.19 16:58:24 | 000,000,105 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\default.pls
[2011.11.19 16:47:31 | 000,006,144 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.15 08:56:22 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.15 08:53:02 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.01 21:11:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.01 21:11:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.01 19:05:32 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.01 19:05:31 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.12.01 18:34:11 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011.12.01 18:34:11 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011.11.29 09:50:29 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.24 23:31:17 | 000,302,592 | ---- | C] () -- C:\Users\Karin\Desktop\riq4bjrr.exe
[2011.11.24 23:21:54 | 000,000,928 | ---- | C] () -- C:\Users\Karin\Documents\Malwarebytes' Anti-Malware.lnk
[2011.11.23 23:02:04 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011.11.23 22:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Karin\defogger_reenable
[2011.11.20 18:08:16 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 17:22:39 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk
[2011.11.19 19:06:52 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.19 18:46:55 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.13 09:43:30 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll
[2011.06.28 13:11:23 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.04.03 14:16:46 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{EFFCF240-71E7-4A74-AD20-14C1C3836F69}.dat
[2011.03.11 17:28:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.07.10 17:46:35 | 000,006,144 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.24 18:29:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.24 18:29:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.13 20:52:54 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2009.03.13 21:51:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.02.22 11:29:41 | 000,000,105 | ---- | C] () -- C:\Users\Karin\AppData\Roaming\default.pls
[2009.02.13 16:44:57 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.02.07 15:07:19 | 000,004,607 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2009.02.07 13:45:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.06 14:30:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.02.06 14:29:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.01 18:13:24 | 000,007,592 | ---- | C] () -- C:\Users\Karin\AppData\Local\d3d9caps.dat
[2009.01.25 14:31:47 | 000,000,511 | ---- | C] () -- C:\Windows\wiso.ini
[2009.01.24 18:12:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.09 20:13:56 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.12.09 20:13:56 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.12.09 20:13:56 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.12.09 20:13:56 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.12.09 13:05:06 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.12.09 12:53:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.12.09 12:53:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE3.sys
[2008.12.09 12:53:30 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2008.12.09 12:53:30 | 000,294,016 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2008.12.09 12:53:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE.sys
[2008.12.09 11:25:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.12.10 08:00:00 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,472,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM
[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service
[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard
[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft
[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular
[2011.12.01 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\FreePDF
[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0
[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite
[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML
[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia
[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite
[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH
[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung
[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein
[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak
[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit
[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software
[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone
[2011.12.03 22:21:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.04 18:11:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.02 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Adobe
[2011.11.19 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Apple Computer
[2010.03.27 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Avira
[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM
[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service
[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard
[2010.02.17 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Corel
[2010.03.06 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\CyberLink
[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft
[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular
[2011.12.01 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\FreePDF
[2009.01.26 13:35:24 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Google
[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0
[2009.01.25 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Identities
[2011.08.29 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\InstallShield
[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite
[2009.01.24 14:28:54 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Macromedia
[2011.11.23 20:30:32 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Media Center Programs
[2011.03.02 10:49:29 | 000,000,000 | --SD | M] -- C:\Users\Karin\AppData\Roaming\Microsoft
[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML
[2011.12.01 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Mozilla
[2009.02.13 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nero
[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia
[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite
[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH
[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung
[2011.11.19 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Skype
[2011.07.16 10:53:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\skypePM
[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein
[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak
[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit
[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software
[2009.03.06 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\vlc
[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone
[2010.10.22 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\WinRAR
[2009.01.27 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.10.11 17:13:08 | 006,489,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Karin\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814p.exe
[2011.02.16 09:27:13 | 000,005,550 | R--- | M] () -- C:\Users\Karin\AppData\Roaming\Microsoft\Installer\{83C68799-9E25-498C-B20F-F0FEE2AF3ACC}\_6FEFF9B68218417F98F549.exe
[2011.08.16 20:29:39 | 012,340,744 | ---- | M] (                                                            ) -- C:\Users\Karin\AppData\Roaming\phonostar GmbH\Schlagerhöllen-Player\update.exe
[1 C:\Users\Karin\AppData\Roaming\phonostar GmbH\Schlagerhöllen-Player\*.tmp files -> C:\Users\Karin\AppData\Roaming\phonostar GmbH\Schlagerhöllen-Player\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F

< End of report >
         
--- --- ---

[/code]


Alt 04.12.2011, 19:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun
O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Trojan.BHO und anderes lustiges Zeugs

Alt 06.12.2011, 20:58   #7
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E141F5C3-2619-4996-8AF8-AA0A9439D986}\ deleted successfully.
C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9613CB43-EA4C-48b5-878D-13DFE1818EFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9613CB43-EA4C-48b5-878D-13DFE1818EFE}\ deleted successfully.
File C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9613CB43-EA4C-48B5-878D-13DFE1818EFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9613CB43-EA4C-48B5-878D-13DFE1818EFE}\ not found.
File C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f1c1399-3ff0-11de-ade2-002220037278}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f1c1399-3ff0-11de-ade2-002220037278}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30e9ac11-3fee-11de-9a8e-002220037278}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30e9ac11-3fee-11de-9a8e-002220037278}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39c-4ae6-11de-8856-002220037278}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39c-4ae6-11de-8856-002220037278}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39e-4ae6-11de-8856-002220037278}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39e-4ae6-11de-8856-002220037278}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93cf32d1-6690-11e0-ad71-002220037278}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93cf32d1-6690-11e0-ad71-002220037278}\ not found.
File F:\VTP_Manager.exe not found.
ADS C:\ProgramData\Temp:71FA8B7F deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hardy
->Temp folder emptied: 32312 bytes
->Java cache emptied: 242687 bytes
->Flash cache emptied: 10774 bytes
 
User: Karin
->Temp folder emptied: 346679 bytes
->Java cache emptied: 5046389 bytes
->FireFox cache emptied: 45056281 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 4777984 bytes
->Flash cache emptied: 517 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21348 bytes
RecycleBin emptied: 9993827 bytes
 
Total Files Cleaned = 63,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_204346

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

PS: Habe viel gelesen wegen den Registrycleanern. gerne kann ich mich davon auch trennen. Auch von Adobe PDF, etc.

Alt 07.12.2011, 12:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.12.2011, 21:51   #9
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Code:
ATTFilter
21:47:19.0817 4596	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
21:47:21.0821 4596	============================================================
21:47:21.0821 4596	Current date / time: 2011/12/09 21:47:21.0821
21:47:21.0821 4596	SystemInfo:
21:47:21.0821 4596	
21:47:21.0821 4596	OS Version: 6.0.6002 ServicePack: 2.0
21:47:21.0821 4596	Product type: Workstation
21:47:21.0821 4596	ComputerName: 24-01-09-PC
21:47:21.0821 4596	UserName: Karin
21:47:21.0821 4596	Windows directory: C:\Windows
21:47:21.0821 4596	System windows directory: C:\Windows
21:47:21.0821 4596	Processor architecture: Intel x86
21:47:21.0821 4596	Number of processors: 2
21:47:21.0821 4596	Page size: 0x1000
21:47:21.0821 4596	Boot type: Normal boot
21:47:21.0821 4596	============================================================
21:47:23.0113 4596	Initialize success
21:47:36.0038 5088	============================================================
21:47:36.0038 5088	Scan started
21:47:36.0038 5088	Mode: Manual; SigCheck; TDLFS; 
21:47:36.0038 5088	============================================================
21:47:36.0789 5088	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:47:36.0917 5088	ACPI - ok
21:47:37.0095 5088	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:47:37.0118 5088	adp94xx - ok
21:47:37.0166 5088	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:47:37.0181 5088	adpahci - ok
21:47:37.0225 5088	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:47:37.0237 5088	adpu160m - ok
21:47:37.0266 5088	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:47:37.0277 5088	adpu320 - ok
21:47:37.0348 5088	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:47:37.0390 5088	AFD - ok
21:47:37.0421 5088	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:47:37.0432 5088	agp440 - ok
21:47:37.0459 5088	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:47:37.0471 5088	aic78xx - ok
21:47:37.0514 5088	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:47:37.0526 5088	aliide - ok
21:47:37.0555 5088	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:47:37.0566 5088	amdagp - ok
21:47:37.0585 5088	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:47:37.0598 5088	amdide - ok
21:47:37.0622 5088	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:47:37.0649 5088	AmdK7 - ok
21:47:37.0702 5088	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:47:37.0729 5088	AmdK8 - ok
21:47:37.0780 5088	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:47:37.0796 5088	arc - ok
21:47:37.0825 5088	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:47:37.0836 5088	arcsas - ok
21:47:37.0864 5088	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:47:37.0890 5088	AsyncMac - ok
21:47:37.0954 5088	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:47:37.0965 5088	atapi - ok
21:47:38.0038 5088	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:47:38.0048 5088	avgio - ok
21:47:38.0094 5088	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:47:38.0146 5088	avgntflt - ok
21:47:38.0186 5088	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:47:38.0195 5088	avipbb - ok
21:47:38.0254 5088	avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
21:47:38.0265 5088	avmaudio - ok
21:47:38.0289 5088	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:47:38.0317 5088	Beep - ok
21:47:38.0371 5088	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:47:38.0404 5088	blbdrive - ok
21:47:38.0476 5088	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:47:38.0494 5088	bowser - ok
21:47:38.0518 5088	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:47:38.0544 5088	BrFiltLo - ok
21:47:38.0573 5088	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:47:38.0597 5088	BrFiltUp - ok
21:47:38.0654 5088	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:47:38.0702 5088	Brserid - ok
21:47:38.0744 5088	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:47:38.0792 5088	BrSerWdm - ok
21:47:38.0820 5088	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:47:38.0867 5088	BrUsbMdm - ok
21:47:38.0885 5088	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:47:38.0931 5088	BrUsbSer - ok
21:47:38.0965 5088	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:47:39.0014 5088	BTHMODEM - ok
21:47:39.0055 5088	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:47:39.0091 5088	cdfs - ok
21:47:39.0162 5088	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:47:39.0182 5088	cdrom - ok
21:47:39.0222 5088	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:47:39.0246 5088	circlass - ok
21:47:39.0312 5088	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:47:39.0327 5088	CLFS - ok
21:47:39.0353 5088	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:39.0386 5088	CmBatt - ok
21:47:39.0404 5088	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:47:39.0414 5088	cmdide - ok
21:47:39.0435 5088	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:47:39.0445 5088	Compbatt - ok
21:47:39.0474 5088	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:47:39.0487 5088	crcdisk - ok
21:47:39.0520 5088	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:47:39.0546 5088	Crusoe - ok
21:47:39.0668 5088	DCamUSBGene     (aea1f84bff5119374450df839a9fd1ba) C:\Windows\system32\DRIVERS\usbgene.sys
21:47:39.0681 5088	DCamUSBGene - ok
21:47:39.0756 5088	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:47:39.0771 5088	DfsC - ok
21:47:39.0859 5088	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:47:39.0873 5088	disk - ok
21:47:39.0929 5088	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:47:39.0949 5088	drmkaud - ok
21:47:40.0012 5088	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:47:40.0037 5088	DXGKrnl - ok
21:47:40.0084 5088	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:47:40.0110 5088	E1G60 - ok
21:47:40.0177 5088	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:47:40.0198 5088	Ecache - ok
21:47:40.0329 5088	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:47:40.0349 5088	elxstor - ok
21:47:40.0386 5088	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:47:40.0415 5088	ErrDev - ok
21:47:40.0497 5088	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:47:40.0512 5088	exfat - ok
21:47:40.0575 5088	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:47:40.0596 5088	fastfat - ok
21:47:40.0619 5088	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:47:40.0644 5088	fdc - ok
21:47:40.0666 5088	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:47:40.0678 5088	FileInfo - ok
21:47:40.0720 5088	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:47:40.0744 5088	Filetrace - ok
21:47:40.0777 5088	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:40.0802 5088	flpydisk - ok
21:47:40.0875 5088	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:47:40.0889 5088	FltMgr - ok
21:47:40.0915 5088	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:47:40.0941 5088	Fs_Rec - ok
21:47:40.0978 5088	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:47:40.0988 5088	gagp30kx - ok
21:47:41.0049 5088	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:41.0059 5088	GEARAspiWDM - ok
21:47:41.0127 5088	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:47:41.0173 5088	HdAudAddService - ok
21:47:41.0246 5088	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:41.0273 5088	HDAudBus - ok
21:47:41.0308 5088	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:47:41.0351 5088	HidBth - ok
21:47:41.0393 5088	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:47:41.0436 5088	HidIr - ok
21:47:41.0552 5088	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:47:41.0573 5088	HidUsb - ok
21:47:41.0629 5088	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:47:41.0641 5088	HpCISSs - ok
21:47:41.0727 5088	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:47:41.0777 5088	HTTP - ok
21:47:41.0843 5088	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:47:41.0857 5088	hwdatacard - ok
21:47:41.0892 5088	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:47:41.0907 5088	i2omp - ok
21:47:41.0937 5088	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:47:41.0957 5088	i8042prt - ok
21:47:42.0001 5088	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:47:42.0014 5088	iaStorV - ok
21:47:42.0052 5088	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:47:42.0066 5088	iirsp - ok
21:47:42.0179 5088	IntcAzAudAddService (43f5535aa4d6c75a37f70fb9c561cc9b) C:\Windows\system32\drivers\RTKVHDA.sys
21:47:42.0293 5088	IntcAzAudAddService - ok
21:47:42.0335 5088	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:47:42.0346 5088	intelide - ok
21:47:42.0372 5088	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:47:42.0401 5088	intelppm - ok
21:47:42.0427 5088	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:42.0457 5088	IpFilterDriver - ok
21:47:42.0473 5088	IpInIp - ok
21:47:42.0508 5088	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:47:42.0539 5088	IPMIDRV - ok
21:47:42.0576 5088	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:47:42.0606 5088	IPNAT - ok
21:47:42.0628 5088	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:47:42.0658 5088	IRENUM - ok
21:47:42.0688 5088	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:47:42.0698 5088	isapnp - ok
21:47:42.0758 5088	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:47:42.0773 5088	iScsiPrt - ok
21:47:42.0814 5088	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:47:42.0824 5088	iteatapi - ok
21:47:42.0842 5088	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:47:42.0858 5088	iteraid - ok
21:47:42.0887 5088	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:42.0897 5088	kbdclass - ok
21:47:42.0920 5088	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:47:42.0945 5088	kbdhid - ok
21:47:43.0030 5088	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:47:43.0053 5088	KSecDD - ok
21:47:43.0094 5088	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:47:43.0126 5088	lltdio - ok
21:47:43.0171 5088	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:47:43.0182 5088	LSI_FC - ok
21:47:43.0221 5088	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:47:43.0234 5088	LSI_SAS - ok
21:47:43.0258 5088	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:47:43.0269 5088	LSI_SCSI - ok
21:47:43.0294 5088	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:47:43.0319 5088	luafv - ok
21:47:43.0394 5088	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
21:47:43.0404 5088	MBAMProtector - ok
21:47:43.0461 5088	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:47:43.0471 5088	megasas - ok
21:47:43.0502 5088	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:47:43.0529 5088	MegaSR - ok
21:47:43.0557 5088	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:47:43.0582 5088	Modem - ok
21:47:43.0616 5088	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:47:43.0641 5088	monitor - ok
21:47:43.0666 5088	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:47:43.0677 5088	mouclass - ok
21:47:43.0704 5088	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:47:43.0733 5088	mouhid - ok
21:47:43.0771 5088	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:47:43.0782 5088	MountMgr - ok
21:47:43.0815 5088	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:47:43.0826 5088	mpio - ok
21:47:43.0851 5088	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:47:43.0878 5088	mpsdrv - ok
21:47:43.0924 5088	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:47:43.0937 5088	Mraid35x - ok
21:47:43.0998 5088	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:47:44.0027 5088	MRxDAV - ok
21:47:44.0097 5088	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:44.0116 5088	mrxsmb - ok
21:47:44.0191 5088	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:44.0206 5088	mrxsmb10 - ok
21:47:44.0229 5088	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:44.0245 5088	mrxsmb20 - ok
21:47:44.0313 5088	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
21:47:44.0324 5088	msahci - ok
21:47:44.0361 5088	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:47:44.0376 5088	msdsm - ok
21:47:44.0399 5088	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:47:44.0426 5088	Msfs - ok
21:47:44.0448 5088	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:47:44.0461 5088	msisadrv - ok
21:47:44.0492 5088	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:47:44.0516 5088	MSKSSRV - ok
21:47:44.0552 5088	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:44.0576 5088	MSPCLOCK - ok
21:47:44.0605 5088	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:47:44.0630 5088	MSPQM - ok
21:47:44.0697 5088	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:47:44.0721 5088	MsRPC - ok
21:47:44.0750 5088	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:47:44.0760 5088	mssmbios - ok
21:47:44.0784 5088	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:47:44.0810 5088	MSTEE - ok
21:47:44.0837 5088	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:47:44.0853 5088	Mup - ok
21:47:44.0925 5088	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:47:44.0941 5088	NativeWifiP - ok
21:47:44.0973 5088	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:47:45.0021 5088	NDIS - ok
21:47:45.0063 5088	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:45.0084 5088	NdisTapi - ok
21:47:45.0133 5088	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:45.0160 5088	Ndisuio - ok
21:47:45.0233 5088	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:45.0260 5088	NdisWan - ok
21:47:45.0285 5088	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:47:45.0310 5088	NDProxy - ok
21:47:45.0335 5088	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:47:45.0370 5088	NetBIOS - ok
21:47:45.0447 5088	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:47:45.0469 5088	netbt - ok
21:47:45.0532 5088	netr28          (a0eabf18be01b173648959eba042c7f1) C:\Windows\system32\DRIVERS\netr28.sys
21:47:45.0554 5088	netr28 - ok
21:47:45.0590 5088	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:47:45.0600 5088	nfrd960 - ok
21:47:45.0695 5088	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:47:45.0714 5088	Npfs - ok
21:47:45.0731 5088	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:47:45.0761 5088	nsiproxy - ok
21:47:45.0850 5088	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:47:45.0913 5088	Ntfs - ok
21:47:45.0945 5088	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:47:45.0997 5088	ntrigdigi - ok
21:47:46.0025 5088	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:47:46.0059 5088	Null - ok
21:47:46.0278 5088	nvlddmkm        (cd10cf6c0200a6fe2f9ed9747ba123a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:47:46.0563 5088	nvlddmkm - ok
21:47:46.0603 5088	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:47:46.0617 5088	nvraid - ok
21:47:46.0657 5088	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:47:46.0674 5088	nvstor - ok
21:47:46.0734 5088	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:47:46.0763 5088	nv_agp - ok
21:47:46.0776 5088	NwlnkFlt - ok
21:47:46.0796 5088	NwlnkFwd - ok
21:47:46.0870 5088	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:47:46.0945 5088	ohci1394 - ok
21:47:46.0997 5088	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:47:47.0047 5088	Parport - ok
21:47:47.0252 5088	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:47:47.0298 5088	partmgr - ok
21:47:47.0421 5088	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:47:47.0478 5088	Parvdm - ok
21:47:47.0504 5088	pccsmcfd - ok
21:47:47.0601 5088	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:47:47.0614 5088	pci - ok
21:47:47.0703 5088	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:47:47.0715 5088	pciide - ok
21:47:47.0767 5088	pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
21:47:47.0780 5088	pcmcia - ok
21:47:47.0844 5088	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:47:47.0944 5088	PEAUTH - ok
21:47:48.0048 5088	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:47:48.0074 5088	PptpMiniport - ok
21:47:48.0117 5088	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:47:48.0146 5088	Processor - ok
21:47:48.0184 5088	Profos - ok
21:47:48.0543 5088	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:47:48.0576 5088	PSched - ok
21:47:48.0869 5088	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:47:48.0981 5088	ql2300 - ok
21:47:49.0303 5088	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:47:49.0319 5088	ql40xx - ok
21:47:49.0857 5088	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:47:49.0887 5088	QWAVEdrv - ok
21:47:49.0923 5088	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:47:49.0976 5088	RasAcd - ok
21:47:50.0008 5088	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:47:50.0038 5088	Rasl2tp - ok
21:47:50.0132 5088	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:47:50.0153 5088	RasPppoe - ok
21:47:50.0696 5088	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:47:50.0721 5088	RasSstp - ok
21:47:50.0893 5088	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:47:50.0930 5088	rdbss - ok
21:47:50.0956 5088	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:47:51.0001 5088	RDPCDD - ok
21:47:51.0050 5088	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:47:51.0096 5088	rdpdr - ok
21:47:51.0110 5088	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:47:51.0157 5088	RDPENCDD - ok
21:47:51.0220 5088	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:47:51.0253 5088	RDPWD - ok
21:47:51.0307 5088	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:47:51.0335 5088	rspndr - ok
21:47:51.0370 5088	RTL8169         (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:47:51.0413 5088	RTL8169 - ok
21:47:51.0443 5088	RTSTOR          (4aa946a1af9759139719f311cd009578) C:\Windows\system32\drivers\RTSTOR.SYS
21:47:51.0470 5088	RTSTOR - ok
21:47:51.0512 5088	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:47:51.0522 5088	sbp2port - ok
21:47:51.0582 5088	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:47:51.0629 5088	secdrv - ok
21:47:51.0662 5088	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:47:51.0713 5088	Serenum - ok
21:47:51.0747 5088	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:47:51.0795 5088	Serial - ok
21:47:51.0825 5088	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:47:51.0854 5088	sermouse - ok
21:47:51.0904 5088	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:47:51.0924 5088	sffdisk - ok
21:47:51.0950 5088	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:47:51.0978 5088	sffp_mmc - ok
21:47:52.0010 5088	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:47:52.0044 5088	sffp_sd - ok
21:47:52.0075 5088	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:47:52.0135 5088	sfloppy - ok
21:47:52.0174 5088	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:47:52.0187 5088	sisagp - ok
21:47:52.0228 5088	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:47:52.0244 5088	SiSRaid2 - ok
21:47:52.0276 5088	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:47:52.0289 5088	SiSRaid4 - ok
21:47:52.0365 5088	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:47:52.0387 5088	Smb - ok
21:47:52.0476 5088	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:47:52.0486 5088	spldr - ok
21:47:52.0547 5088	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:47:52.0574 5088	srv - ok
21:47:52.0616 5088	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:47:52.0662 5088	srv2 - ok
21:47:52.0723 5088	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:47:52.0738 5088	srvnet - ok
21:47:52.0785 5088	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:47:52.0793 5088	ssmdrv - ok
21:47:52.0840 5088	ssm_bus         (df5c19f053eff7f8ba25d73aea899656) C:\Windows\system32\DRIVERS\ssm_bus.sys
21:47:52.0858 5088	ssm_bus - ok
21:47:52.0891 5088	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:47:52.0907 5088	swenum - ok
21:47:52.0947 5088	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:47:52.0957 5088	Symc8xx - ok
21:47:53.0001 5088	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:47:53.0011 5088	Sym_hi - ok
21:47:53.0040 5088	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:47:53.0054 5088	Sym_u3 - ok
21:47:53.0103 5088	SynTP           (be78198c69135ef1fa157e08fd5c90ff) C:\Windows\system32\DRIVERS\SynTP.sys
21:47:53.0114 5088	SynTP - ok
21:47:53.0194 5088	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:47:53.0251 5088	Tcpip - ok
21:47:53.0306 5088	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:47:53.0356 5088	Tcpip6 - ok
21:47:53.0415 5088	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:47:53.0442 5088	tcpipreg - ok
21:47:53.0485 5088	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:47:53.0510 5088	TDPIPE - ok
21:47:53.0544 5088	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:47:53.0571 5088	TDTCP - ok
21:47:53.0630 5088	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:47:53.0652 5088	tdx - ok
21:47:53.0796 5088	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:47:53.0812 5088	TermDD - ok
21:47:53.0872 5088	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:53.0904 5088	tssecsrv - ok
21:47:53.0982 5088	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
21:47:53.0996 5088	TuneUpUtilitiesDrv - ok
21:47:54.0027 5088	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:47:54.0064 5088	tunmp - ok
21:47:54.0103 5088	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:47:54.0118 5088	tunnel - ok
21:47:54.0149 5088	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:47:54.0160 5088	uagp35 - ok
21:47:54.0216 5088	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:47:54.0239 5088	udfs - ok
21:47:54.0297 5088	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:47:54.0308 5088	uliagpkx - ok
21:47:54.0351 5088	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:47:54.0365 5088	uliahci - ok
21:47:54.0400 5088	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:47:54.0412 5088	UlSata - ok
21:47:54.0445 5088	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:47:54.0456 5088	ulsata2 - ok
21:47:54.0502 5088	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:47:54.0532 5088	umbus - ok
21:47:54.0556 5088	upperdev - ok
21:47:54.0623 5088	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:47:54.0658 5088	USBAAPL - ok
21:47:54.0721 5088	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:47:54.0754 5088	usbccgp - ok
21:47:54.0784 5088	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:47:54.0845 5088	usbcir - ok
21:47:54.0913 5088	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:47:54.0933 5088	usbehci - ok
21:47:54.0970 5088	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:47:55.0003 5088	usbhub - ok
21:47:55.0045 5088	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:47:55.0092 5088	usbohci - ok
21:47:55.0151 5088	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:47:55.0180 5088	usbprint - ok
21:47:55.0225 5088	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:47:55.0253 5088	USBSTOR - ok
21:47:55.0295 5088	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:47:55.0317 5088	usbuhci - ok
21:47:55.0326 5088	uxddrv - ok
21:47:55.0374 5088	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:47:55.0403 5088	vga - ok
21:47:55.0440 5088	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:47:55.0468 5088	VgaSave - ok
21:47:55.0497 5088	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:47:55.0508 5088	viaagp - ok
21:47:55.0548 5088	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:47:55.0573 5088	ViaC7 - ok
21:47:55.0606 5088	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:47:55.0617 5088	viaide - ok
21:47:55.0641 5088	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:47:55.0652 5088	volmgr - ok
21:47:55.0732 5088	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:47:55.0751 5088	volmgrx - ok
21:47:55.0828 5088	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:47:55.0846 5088	volsnap - ok
21:47:55.0881 5088	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:47:55.0897 5088	vsmraid - ok
21:47:55.0943 5088	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:47:55.0987 5088	WacomPen - ok
21:47:56.0015 5088	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:47:56.0044 5088	Wanarp - ok
21:47:56.0051 5088	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:47:56.0071 5088	Wanarpv6 - ok
21:47:56.0103 5088	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:47:56.0114 5088	Wd - ok
21:47:56.0154 5088	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:47:56.0177 5088	Wdf01000 - ok
21:47:56.0294 5088	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:47:56.0317 5088	WmiAcpi - ok
21:47:56.0391 5088	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:47:56.0404 5088	WpdUsb - ok
21:47:56.0435 5088	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:47:56.0469 5088	ws2ifsl - ok
21:47:56.0512 5088	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:47:56.0543 5088	WUDFRd - ok
21:47:56.0660 5088	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\HomeCinema\PlayMovie\000.fcl
21:47:56.0672 5088	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
21:47:56.0737 5088	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD8\000.fcl
21:47:56.0748 5088	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
21:47:56.0776 5088	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:47:56.0893 5088	\Device\Harddisk0\DR0 - ok
21:47:56.0897 5088	Boot (0x1200)   (f2a7f679bdfe6896d0c41aabe5ad6574) \Device\Harddisk0\DR0\Partition0
21:47:56.0899 5088	\Device\Harddisk0\DR0\Partition0 - ok
21:47:56.0922 5088	Boot (0x1200)   (236600d6496174a9f1b634cc8041c2d6) \Device\Harddisk0\DR0\Partition1
21:47:56.0922 5088	\Device\Harddisk0\DR0\Partition1 - ok
21:47:56.0924 5088	============================================================
21:47:56.0924 5088	Scan finished
21:47:56.0924 5088	============================================================
21:47:56.0941 4792	Detected object count: 0
21:47:56.0941 4792	Actual detected object count: 0
         

Alt 10.12.2011, 01:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.12.2011, 16:22   #11
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-10.01 - Karin 11.12.2011  15:41:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1762 [GMT 1:00]
ausgeführt von:: c:\users\Karin\Desktop\ComboFix.exe
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karin\bass.dll
c:\users\Karin\EULA.txt
c:\users\Karin\Unwise.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-11 bis 2011-12-11  ))))))))))))))))))))))))))))))
.
.
2011-12-11 14:49 . 2011-12-11 14:49	--------	d-----w-	c:\users\Karin\AppData\Local\temp
2011-12-11 14:49 . 2011-12-11 14:49	--------	d-----w-	c:\users\Hardy\AppData\Local\temp
2011-12-11 14:49 . 2011-12-11 14:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-09 20:20 . 2011-11-21 10:47	6823496	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{844B71AF-9DD9-49CD-8941-43B5DA35F9A2}\mpengine.dll	ERROR(0x00000005)
2011-12-06 19:43 . 2011-12-06 19:43	--------	d-----w-	C:\_OTL
2011-12-01 20:14 . 2011-12-01 20:15	--------	d-----w-	c:\users\Karin\AppData\Local\FreePDF_XP
2011-12-01 20:11 . 2010-06-17 20:56	45056	----a-w-	c:\windows\system32\unredmon.exe
2011-12-01 20:11 . 2010-06-17 20:56	116224	----a-w-	c:\windows\system32\redmonnt.dll
2011-12-01 20:10 . 2011-12-01 20:10	--------	d-----w-	c:\users\Karin\AppData\Roaming\FreePDF
2011-12-01 20:10 . 2011-12-01 20:10	--------	d-----w-	c:\program files\FreePDF_XP
2011-12-01 20:10 . 2011-12-01 20:10	--------	d-----w-	c:\program files\gs
2011-12-01 18:05 . 2011-12-01 18:05	--------	d-----w-	c:\users\Karin\AppData\Local\Mozilla
2011-12-01 17:34 . 2011-12-01 17:34	--------	d-----w-	c:\program files\TeamViewer
2011-11-29 09:14 . 2011-11-29 09:14	--------	d-----w-	c:\program files\ESET
2011-11-29 08:50 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-29 08:50 . 2011-11-29 08:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-23 22:02 . 2011-11-23 22:07	1660	----a-w-	c:\windows\system32\ASOROSet.bin
2011-11-23 21:35 . 2011-11-23 22:03	--------	d-----w-	c:\users\Karin\AppData\Roaming\Systweak
2011-11-23 21:35 . 2011-07-07 12:26	17280	----a-w-	c:\windows\system32\roboot.exe
2011-11-23 19:30 . 2011-11-23 19:30	--------	d-----w-	c:\users\Karin\AppData\Roaming\Malwarebytes
2011-11-20 18:20 . 2011-11-20 18:20	--------	d-----w-	c:\users\Karin\Payback
2011-11-20 16:19 . 2000-01-14 16:17	45328	----a-w-	c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\mstran40.exe
2011-11-20 16:19 . 2000-07-14 18:02	74000	----a-w-	c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\msrpfs40.dll
2011-11-20 16:19 . 2000-01-14 16:22	37136	----a-w-	c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\mstrai40.exe
2011-11-20 16:17 . 2011-11-20 16:17	--------	d-----w-	c:\program files\Business Objects
2011-11-20 16:17 . 2011-11-20 16:17	--------	d-----w-	c:\program files\Common Files\StarFinanz
2011-11-20 16:17 . 2011-12-05 17:27	--------	d-----w-	c:\program files\StarMoney 7.0
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-19 18:07 . 2011-11-19 18:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-11-19 18:06 . 2011-11-19 18:07	--------	d-----w-	c:\program files\QuickTime
2011-11-19 17:45 . 2011-11-19 17:45	--------	d-----w-	c:\program files\iPod
2011-11-19 17:45 . 2011-11-19 17:46	--------	d-----w-	c:\program files\iTunes
2011-11-19 17:08 . 2011-11-19 17:08	--------	d-----w-	c:\program files\Bonjour
2011-11-19 16:04 . 2011-11-15 07:53	21312	----a-w-	c:\windows\system32\authuitu.dll
2011-11-19 16:04 . 2011-11-15 07:52	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2011-11-19 15:14 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-11-19 15:06 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-19 15:04 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-16 11:37 . 2011-11-16 11:37	--------	d-----w-	C:\MQAReport_q
2011-11-16 09:19 . 2011-11-16 09:19	--------	d-----w-	c:\program files\Common Files\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2008-12-09 10:25	6823496	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2011-11-19 16:57 . 2011-06-21 08:14	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 09:18 . 2008-12-09 07:05	29480	----a-w-	c:\windows\system32\msxml3a.dll
2011-11-15 07:56 . 2010-03-31 15:00	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-12-07 12:18	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-24 09:42 . 2011-09-24 09:42	161792	----a-w-	c:\windows\system32\msls31.dll
2011-09-24 09:42 . 2011-09-24 09:42	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-09-24 09:42 . 2011-09-24 09:42	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-09-24 09:42 . 2011-09-24 09:42	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-09-24 09:42 . 2011-09-24 09:42	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-09-24 09:42 . 2011-09-24 09:42	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-09-24 09:42 . 2011-09-24 09:42	367104	----a-w-	c:\windows\system32\html.iec
2011-09-24 09:42 . 2011-09-24 09:42	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-09-24 09:42 . 2011-09-24 09:42	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-09-24 09:42 . 2011-09-24 09:42	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-09-24 09:42 . 2011-09-24 09:42	152064	----a-w-	c:\windows\system32\wextract.exe
2011-09-24 09:42 . 2011-09-24 09:42	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-09-24 09:42 . 2011-09-24 09:42	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-09-24 09:42 . 2011-09-24 09:42	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-09-24 09:42 . 2011-09-24 09:42	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-09-24 09:42 . 2011-09-24 09:42	11776	----a-w-	c:\windows\system32\mshta.exe
2011-09-24 09:42 . 2011-09-24 09:42	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-09-24 09:42 . 2011-09-24 09:42	101888	----a-w-	c:\windows\system32\admparse.dll
2011-11-21 04:21 . 2011-12-01 18:05	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-03-18 12:50	154728	----a-w-	c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-29 13560352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-29 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\HomeCinema\PlayMovie\PMVService.exe"
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe GE
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
"Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
"sclauncher"=c:\program files\SimpleCenter\bin\win\sclauncher.exe
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a4796d5c8be2;Google Update Service (gupdate1c9a4796d5c8be2);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 uxddrv;Dynamically loaded UxdDrv;f:\mqa_nb_ quick\uxddrv86.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/06 17:11];c:\program files\HomeCinema\PlayMovie\000.fcl [2009-09-14 11:39 87536]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/11/16 10:19];c:\program files\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-11-15 1052480]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-08-11 101248]
S3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2008-10-02 175360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-09-25 436224]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-03-23 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 07:49]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 07:49]
.
2011-12-11 c:\windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job
- c:\windows\system32\msfeedssync.exe [2011-09-24 09:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.msn.de/
IE: Free YouTube to MP3 Converter - c:\users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} -
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\q7557nvl.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-11 15:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-11  15:52:11
ComboFix-quarantined-files.txt  2011-12-11 14:51
.
Vor Suchlauf: 17 Verzeichnis(se), 201.078.042.624 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 201.010.606.080 Bytes frei
.
- - End Of File - - B70555340216F33EC714FE808964BC32
         
--- --- ---

Alt 12.12.2011, 11:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2011, 19:56   #13
ellacacau
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



[code]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-13 20:58:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: rrcpedb8.exe; Driver: C:\Users\Karin\AppData\Local\Temp\pwldykog.sys


---- System - GMER 1.0.15 ----

SSDT            8C16B0F6                                                                                              ZwCreateSection
SSDT            8C16B0FB                                                                                              ZwSetContextThread
SSDT            8C16B097                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                         820E2998 4 Bytes  [F6, B0, 16, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                         820E2CF0 4 Bytes  [FB, B0, 16, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                         820E2DA4 4 Bytes  [97, B0, 16, 8C]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x8E600320, 0x3F7257, 0xE8000020]
.text           C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                         section is writeable [0x9D902000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                         entry point in ".vmp2" section [0x9D925050]
.text           C:\Program Files\CyberLink\PowerDVD8\000.fcl                                                          section is writeable [0x9D902000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\CyberLink\PowerDVD8\000.fcl                                                          entry point in ".vmp2" section [0x9D925050]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[808] SHELL32.dll!SHCoCreateInstance + 657                                     76A21B20 8 Bytes  [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}
.text           C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2608] kernel32.dll!SetUnhandledExceptionFilter  764CA8C5 5 Bytes  JMP 00641870 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                  [74767817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                   [747BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]               [7476BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]         [7475F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                   [747675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                [7475E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [74798395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]       [7476DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]               [7475FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                [7475FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                 [747571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]         [747ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]            [7478C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]               [7475D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                         [74756853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                        [7475687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]           [74762AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---



OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:19:33 on 13.12.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Karin\AppData\Local\Temp\catchme.sys  (File not found)
"Dynamically loaded UxdDrv" (uxddrv) - ? - F:\MQA_NB_ Quick\uxddrv86.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys  (File not found)
"pwldykog" (pwldykog) - ? - C:\Users\Karin\AppData\Local\Temp\pwldykog.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{80AEEC0E-A2BE-4B8D-985F-350FE869DC40} "{80AEEC0E-A2BE-4B8D-985F-350FE869DC40}" - ? -   (File not found | COM-object registry key not found) / hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{9613CB43-EA4C-48b5-878D-13DFE1818EFE} "PAYBACK Toolbar" - ? -   (File not found | COM-object registry key not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{17166733-40EA-4432-A85C-AE672FF0E236} "WEB.DE Konfiguration" - "1&1 Mail & Media GmbH" - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe
"FreePDF Assistant" - "shbox.de" - "C:\Program Files\FreePDF_XP\fpassist.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"OrderReminder" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"HPLJ1018LM" - "Zenographics, Inc." - C:\Windows\system32\ZLhp1018.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Update Service (gupdate1c9a4796d5c8be2)" (gupdate1c9a4796d5c8be2) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-14 19:07:55
-----------------------------
19:07:55.251    OS Version: Windows 6.0.6002 Service Pack 2
19:07:55.252    Number of processors: 2 586 0xF0D
19:07:55.253    ComputerName: 24-01-09-PC  UserName: Karin
19:07:57.184    Initialize success
19:08:08.492    AVAST engine defs: 11121302
19:13:30.339    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:13:30.342    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
19:13:32.364    Disk 0 MBR read successfully
19:13:32.367    Disk 0 MBR scan
19:13:32.372    Disk 0 Windows VISTA default MBR code
19:13:32.377    Disk 0 scanning sectors +625139712
19:13:32.553    Disk 0 scanning C:\Windows\system32\drivers
19:13:44.519    Service scanning
19:13:45.977    Modules scanning
19:14:02.965    Disk 0 trace - called modules:
19:14:03.018    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
19:14:03.021    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85efe870]
19:14:03.025    3 CLASSPNP.SYS[8a39d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x857248a0]
19:14:04.684    AVAST engine scan C:\Windows
19:14:10.588    AVAST engine scan C:\Windows\system32
19:16:46.894    AVAST engine scan C:\Windows\system32\drivers
19:17:01.103    AVAST engine scan C:\Users\Karin
19:31:11.941    AVAST engine scan C:\ProgramData
19:33:49.607    Scan finished successfully
19:50:20.829    Disk 0 MBR has been saved successfully to "C:\Users\Karin\Documents\MBR.dat"
19:50:20.834    The log file has been saved successfully to "C:\Users\Karin\Documents\aswMBR.txt"
19:51:30.781    Disk 0 MBR has been saved successfully to "C:\Users\Karin\Desktop\MBR.dat"
19:51:30.859    The log file has been saved successfully to "C:\Users\Karin\Desktop\aswMBR.txt"
         

Geändert von ellacacau (14.12.2011 um 20:05 Uhr)

Alt 15.12.2011, 11:02   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.BHO und anderes lustiges Zeugs - Standard

Trojan.BHO und anderes lustiges Zeugs



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojan.BHO und anderes lustiges Zeugs
0x00000001, antivir, autorun, avira, bonjour, converter, desktop, ebay, error, excel, excel.exe, fehler, flash player, format, google chrome, google earth, home, iexplore.exe, install.exe, intranet, logfile, netzwerk, nvlddmkm.sys, pdfforge toolbar, realtek, registry, rundll, security, server, shell32.dll, software, starmoney, svchost.exe, udp, usb 2.0, version=1.0, vista



Ähnliche Themen: Trojan.BHO und anderes lustiges Zeugs


  1. Windows Vista: Adware und anderes Zeugs
    Plagegeister aller Art und deren Bekämpfung - 12.12.2014 (37)
  2. Infektion mit Trojan.Agent.SVR, SearchProtectA und anderes
    Log-Analyse und Auswertung - 03.10.2014 (13)
  3. Win7 Wie werde ich einen Trojan.Zaccess und anderes los?
    Log-Analyse und Auswertung - 26.08.2013 (11)
  4. Backdoor Trojan Generic und laut malwarebyte noch einiges anderes
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (18)
  5. Exploit.Drop.UR.2 - Hartnäckig das Zeugs, muss bis Morgen Abend meine Hausarbeit schreiben...
    Log-Analyse und Auswertung - 03.10.2012 (1)
  6. Windows XP Recovery -Zeugs
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (33)
  7. Dropper und Zeugs
    Plagegeister aller Art und deren Bekämpfung - 12.04.2009 (10)
  8. TR/Crypt.XPACK.Gen und anderes Zeugs - hab HJT-Log und brauche Hilfe
    Log-Analyse und Auswertung - 29.03.2009 (1)
  9. Heur.Invader, Trojan.Win32.Inject.mf oder was ganz anderes?
    Log-Analyse und Auswertung - 15.07.2008 (10)
  10. Trojaner/Viren etc -- W32/Autorun-H + anderes Zeugs
    Plagegeister aller Art und deren Bekämpfung - 13.07.2008 (13)
  11. Trojan-Clicker.Win32.Small.ja und anderes
    Mülltonne - 02.07.2008 (4)
  12. Trojan Vundo und anderes
    Log-Analyse und Auswertung - 29.02.2008 (14)
  13. ich binz ma wieder hier =( mit so nem Trojaner zeugs aufn pc =(
    Plagegeister aller Art und deren Bekämpfung - 02.06.2005 (6)
  14. Mal was lustiges für 1.6 :D
    Archiv - 04.02.2003 (5)

Zum Thema Trojan.BHO und anderes lustiges Zeugs - Hallo, Code: Alles auswählen Aufklappen ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8226 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 23.11.2011 20:50:58 mbam-log-2011-11-23 (20-50-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte - Trojan.BHO und anderes lustiges Zeugs...
Archiv
Du betrachtest: Trojan.BHO und anderes lustiges Zeugs auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.