Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Trojaner - UKash Aufforderung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.12.2011, 19:13   #1
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Moin !

Ich hatte ein gesperrtes System und die angebliche Aufforderung des BKA, 100.- € zu zahlen. Weder Neustart noch ein Hochfahren des Computers mit eingeschränkten Rechten funktionierte.

Nach Erstellen einer Rescue-Disc von Avira konnten drei Dateien entfernt werden, seitdem komme ich auf die Windows Ebene. Ein kompletter Scan mit Avira zeigte keinen Befall mehr.

Auf Eure Seite aufmerksam gemacht, habe ich nun das empfohlene Programm von Malware Bytes laufen lassen und der letzte komplette Scan hat nichts mehr angezeigt.

Durch die anderen threads bin ich jedoch unsicher, ob mein Sytem wirklich "sauber" ist. Ich habe versucht, Eurer Anleitung zu folgen und die drei geforderten Log-Dateien erstellt. Ich versuche nun, diese zu posten und bitte um Überprüfung, ob ich weitere Schritte unternehmen muss.

Besten Dank im Voraus. Eure Seiten sind eine echte Hilfe !!!

Viele Grüße
Oldive

Hier die OTL-Datei:

OTL logfile created on: 19.12.2011 18:14:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 64,76% Memory free
6,71 Gb Paging File | 5,51 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 518,95 Gb Free Space | 56,93% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.19 18:09:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011.11.11 09:44:32 | 012,210,176 | ---- | M] (SugarSync, Inc.) -- C:\Programme\SugarSync\SugarSyncManager.exe
PRC - [2011.09.16 15:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.09.14 14:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Programme\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.08.26 07:00:22 | 000,292,136 | ---- | M] (CyberLink) -- C:\Programme\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011.08.26 07:00:19 | 000,075,048 | ---- | M] (CyberLink) -- C:\Programme\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.08.24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Programme\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.01 22:26:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.16 14:58:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.23 13:13:08 | 000,931,080 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2009.07.15 09:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.08 23:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011.05.10 17:12:22 | 007,446,528 | ---- | M] () -- C:\Programme\SugarSync\QtGui4.dll
MOD - [2011.05.10 17:12:22 | 002,027,520 | ---- | M] () -- C:\Programme\SugarSync\QtCore4.dll
MOD - [2011.05.10 17:12:22 | 000,671,744 | ---- | M] () -- C:\Programme\SugarSync\QtNetwork4.dll
MOD - [2011.05.10 17:12:22 | 000,364,544 | ---- | M] () -- C:\Programme\SugarSync\QtXml4.dll
MOD - [2007.03.28 17:29:00 | 000,147,456 | ---- | M] () -- C:\Programme\Steganos Safe 2007\ShellExtension.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Boonty Games)
SRV - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.16 15:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.26 07:00:22 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.08.26 07:00:19 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.07.01 22:26:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.13 16:28:55 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.23 13:13:12 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009.07.23 13:13:08 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009.07.15 09:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.05.17 21:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011.08.25 13:06:52 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/11/05 14:42:40] [Kernel | Auto | Running] -- C:\Programme\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 02:13:44 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.07.01 22:27:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 22:27:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.12 00:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.07.15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.06.12 18:29:33 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.06.08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009.05.05 22:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.12.09 14:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.09.21 08:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.02.21 12:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER)
DRV - [2005.12.01 09:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\drhard.sys -- (drhard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/|hxxp://www.gmx.net/|hxxp://eu.battle.net/wow/de/|hxxp://www.aol.de/|hxxp://www.gut-uhlenhorst.de/|hxxp://golf.de/publish/home.html|hxxp://www.mygolf.de/forum/index.cfm?sq=13707258|hxxp://www.lohersand.de/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.22 13:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.01 19:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.10 16:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.10 16:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.10 16:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.01 19:30:03 | 000,000,000 | ---D | M]

[2009.06.09 17:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.12.14 21:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions
[2011.02.11 16:47:56 | 000,000,000 | ---D | M] ([verify-U]-AVS) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de
[2011.12.16 09:23:06 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-1.xml
[2009.04.02 07:30:18 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-10.xml
[2009.04.23 17:58:48 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-11.xml
[2009.04.29 07:08:48 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-12.xml
[2009.06.15 20:49:28 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-13.xml
[2009.07.25 22:35:30 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-14.xml
[2010.10.23 06:48:23 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-15.xml
[2010.10.29 06:30:27 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-16.xml
[2010.12.12 12:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-17.xml
[2008.04.17 15:44:20 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-2.xml
[2008.07.08 06:59:32 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-3.xml
[2008.07.12 09:52:42 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-4.xml
[2008.07.18 11:09:04 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-5.xml
[2008.11.15 12:33:58 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-6.xml
[2008.12.22 20:12:54 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-7.xml
[2009.02.07 19:52:18 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-8.xml
[2009.03.06 23:25:40 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-9.xml
[2008.02.19 17:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin.xml
[2011.11.10 21:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.16 08:02:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.06.25 07:54:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.10 21:56:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.12 20:11:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 20:11:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 20:11:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 20:11:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 20:11:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 20:11:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Programme\GamesBar\2.0.1.78\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\2.0.1.78\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Programme\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/Michael/Desktop/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/Michael/Desktop/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab (CUpdateAdvisorCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F18B27DE-BDCE-4084-B7BD-16EEBD280B7F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a9996dc-6143-11de-9098-00242178b75b}\Shell\AutoRun\command - "" = explorer.exe START.html
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {99B168DE-8DA4-6F22-BA9D-459F4388269B} - LightScribe Control Panel
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F06E315C-7414-9D2F-F43D-B03C6F9A869B} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.19 18:09:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.12.17 10:21:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011.12.17 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.17 10:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 10:21:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.17 10:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.10 16:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.12.10 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.12.10 16:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.10 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.10 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.24 22:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.19 18:09:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.12.19 18:07:16 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011.12.19 18:05:17 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.12.19 17:21:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.19 17:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.19 16:49:10 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.19 16:49:10 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.19 16:49:10 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.19 16:49:10 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.19 16:45:41 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.19 16:45:41 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.19 16:43:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 16:43:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 16:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 16:43:27 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 10:21:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.16 22:57:38 | 000,480,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 09:14:09 | 000,002,631 | ---- | M] () -- C:\Users\Michael\Desktop\Microsoft Office Word 2007.lnk
[2011.12.15 17:39:37 | 000,002,633 | ---- | M] () -- C:\Users\Michael\Desktop\Microsoft Office Excel 2007.lnk
[2011.12.10 16:26:47 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.12.10 16:25:26 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.12.10 16:24:10 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.28 10:05:05 | 000,000,680 | ---- | M] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2011.11.28 10:03:10 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.11.24 22:23:06 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.19 18:07:16 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011.12.19 18:06:34 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.12.17 10:21:12 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 16:26:47 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.12.10 16:24:10 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.24 22:23:06 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.10.25 09:02:59 | 000,074,223 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010.09.04 13:06:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.02.08 17:30:00 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010.02.03 13:48:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.03 13:48:40 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.04 22:52:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.04 22:52:09 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.08 06:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2009.06.18 16:58:56 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.18 16:58:56 | 000,022,328 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PnkBstrK.sys
[2009.06.18 16:58:24 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.06.18 16:58:23 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.18 16:58:23 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.06.17 18:15:57 | 003,211,264 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009.06.09 17:38:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.09 17:36:36 | 000,054,272 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.09 17:21:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 17:21:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.02 14:28:23 | 000,000,030 | ---- | C] () -- C:\Windows\System32\drivers\version.dat
[2009.03.26 01:13:21 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.26 01:13:21 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.26 01:13:21 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.26 01:13:21 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.25 17:07:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.02 19:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 19:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 19:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,480,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.07.13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== LOP Check ==========

[2010.10.31 07:08:39 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2011.01.08 09:13:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2009.06.12 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Acronis
[2010.12.11 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Amazon
[2011.11.10 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BeachBlox
[2009.06.17 18:39:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DataDesign
[2011.12.19 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2010.10.26 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2010.10.26 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.08 17:29:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iolo
[2009.06.17 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lexware
[2010.01.11 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2010.12.01 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2010.11.22 10:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite
[2011.01.09 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Oberon Media
[2009.06.17 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2010.12.23 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ProtectDisc
[2010.02.03 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Samsung
[2010.12.02 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2009.09.28 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoundSpectrum
[2009.06.11 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Steganos
[2010.10.18 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\STRATO
[2009.06.12 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Games Company
[2009.06.09 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thunderbird
[2010.11.24 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2011.02.19 10:35:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
[2010.05.30 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010.12.19 11:57:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uniblue
[2010.05.03 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Unity
[2011.12.19 07:54:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.06.09 07:52:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.06.09 17:31:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.16 07:11:57 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.09 07:48:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.04 20:30:45 | 000,000,000 | ---D | M] -- C:\gPotato.eu
[2010.02.08 18:10:41 | 000,000,000 | -HSD | M] -- C:\INCINERATE
[2011.12.10 16:11:07 | 000,000,000 | ---D | M] -- C:\iPhone Backup Switch
[2009.04.02 15:39:59 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.04.22 15:14:47 | 000,000,000 | ---D | M] -- C:\MyWorks
[2010.03.29 09:28:19 | 000,000,000 | ---D | M] -- C:\New Folder
[2009.07.12 08:52:25 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.12.17 10:21:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.17 10:21:11 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.06.09 07:48:33 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.19 18:16:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.06.09 07:52:09 | 000,000,000 | R--D | M] -- C:\Users
[2009.06.27 08:39:50 | 000,000,000 | ---D | M] -- C:\Vistakompatibel
[2011.11.28 19:44:54 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]


< MD5 for: AFD.SYS >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: EXPLORER.EXE >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-18 17:52:02

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >



Wie ich das gezippte File hochladen muss, kann ich nicht erkennen... Es sieht hier anders aus, als in den Anleitungen ! Ich versuche es daher manuell:

Es folgt Extras.txt:

OTL Extras logfile created on: 19.12.2011 18:14:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 64,76% Memory free
6,71 Gb Paging File | 5,51 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 518,95 Gb Free Space | 56,93% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{574D5A6F-A3BF-4443-B811-0EFFF2111499}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{6709B1C5-941A-4BB7-9002-1912D0322619}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{68FC8CE0-A221-4514-AD7B-C7E50E0F47AD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x86\rpcsandrasrv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C6E0F9-ED28-4F13-ACED-3A33E578753F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{0C324068-47A3-4751-BB02-BBEA04DAB19E}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{0D4712E8-59AE-400E-A38A-0006EF7884A5}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{0FD0E4C5-1E62-4A5A-82B5-BB09B1CFDBA5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{1124D66B-DC4D-4A37-A87C-76D888F40EF3}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{18D521F6-0F39-4F44-B9E4-414B61ACDCB3}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
"{1ABB8979-A80E-4D13-B700-B98FED2DE3ED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1BAB5E96-1BFE-4C81-8395-1686C22665FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{1DDA9BEB-D377-40BA-A080-6AE625D79472}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2A22BA76-3821-4E30-9D8C-E07B7C817F17}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{2F056F99-17AA-4261-8F01-0F80D578FE81}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{3514C0F2-6BBF-43A0-A446-A78420EDFF86}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{361A971E-7174-45FB-9B71-252D0DC78EAA}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
"{3847CF9A-EC47-4CB9-A148-C3C23429D46D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39294145-FF86-4896-9C28-56066432F5F1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{3AE525A7-F72A-48B6-B049-0B62B244AD96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EF5B72C-C99D-4BCA-866E-1D703CD4BD9C}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{44E3F3DA-D2F3-46F4-954A-4CD56F505E7E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{454B6FB0-8107-4824-9D79-C5860463E0A7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{479BD2CE-7079-474F-B255-3748E8E6A267}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4974A401-2913-4506-A192-C6AD02CF9B54}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{49ABB49B-A21D-404A-B0DA-90F71C88F657}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{4A03B2BC-2AD6-4166-A438-DD63959AFB10}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe |
"{4E435C7B-BA4F-47FF-89E0-FF378F783083}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{545F9561-9F91-4FA4-9753-D04DE26C2AB6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{54C437C4-7D1C-4569-B1E0-601947D0E12D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5B46585A-C0E7-4CCB-82FE-0B402D6E2D8A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6168C082-46AB-4D78-9232-21F1EACB5009}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\moviemodule.exe |
"{6558F0BE-A26F-4708-A05B-B7AF009081CA}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{6AB67FB1-5A0B-48E7-AFDB-4AB9D998BD43}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd9.exe |
"{707F94FA-8D73-44B8-AE9A-1D963BFE2AE0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7B1B4A8A-3587-4637-96DD-3142B81C44D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7DCAE59D-FB8C-4F43-AEF2-1A9E6464EC9E}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{862FF060-4A9E-4050-84DE-28076351C45E}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{871DE01E-ABED-439D-9E06-CEC306624907}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{93852F04-08A2-491E-9F8D-81A21DCD2F4E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9E9BA054-B21D-49BD-8A62-4A207E30FAA1}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{A38F7812-92E7-41AA-8A4B-D493E2972FCF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{ADB58236-3F12-4014-AA1D-98DEF65FF077}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{B1F581A1-9F84-44E6-BD6B-E61AB4335300}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B29D8884-68D2-4872-9D59-898436F64A99}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B41AE42A-87E5-4115-92F1-C397F47524E9}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{B4C4EAF9-412E-43FC-94DE-BF4ED5FFCE96}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{B737B1C5-FA20-4040-A176-532CC93E0F36}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{BDB14009-04AD-4972-B130-80675AC1BF71}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{C1C06105-FF09-4241-976F-186678ADC887}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{C26D1139-CE8E-4A89-8BA2-958687E14E71}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{CAC1A2DB-443E-4BB2-9FC9-A7E99052CE13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CB7879C5-0189-4922-A841-2134E9C8E5EF}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x86\rpcsandrasrv.exe |
"{D3EAF6AF-CF6A-4083-836D-C59B2B1FE6EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D890DE52-1D30-4AE6-9167-A7621F7B789A}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{D8BE726B-F18E-48A1-AA73-5AF165253CB8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{DA817636-DB41-4740-9A3A-EEC5F4C4AA21}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E0586076-D666-4094-A691-F57FA8960F5E}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{E9E6C293-B4C6-4270-967C-7D7383619BA1}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{F263ED8D-DF96-4AB1-99AD-C12A1CCE6EEF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F38E9E82-B826-468D-9C59-BF8ABCACBD6D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{F3E9C6A0-2D43-4386-B3CE-D2682C4999AA}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{FDA2D556-C953-4846-BF9E-7EE00E799985}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{FEF6A862-3B61-4C8E-89C5-F93108620AE2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{1B6B90B1-FC66-4426-951C-3C48AA162AF5}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{2A3564F7-F5D3-492B-85BD-557B1014574C}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{2CC3FD1F-1C79-412D-A7F1-AB2C9917B136}C:\program files\cyberlink\powerdvd10\powerdvd10.exe" = protocol=6 | dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd10.exe |
"TCP Query User{5D490FFF-9BA0-47DF-8A36-6DDD2902DDD1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{66C1D362-D177-41E6-9CE8-927EAFC3BAEA}C:\vistakompatibel\ccsaddon\carcassonne.exe" = protocol=6 | dir=in | app=c:\vistakompatibel\ccsaddon\carcassonne.exe |
"TCP Query User{8765FAF7-C07F-4445-A3F3-70D89514F6A4}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{88029103-5EDF-48F2-8B57-2D65C2F7AE1D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9C122E3E-EB71-4C51-95D8-21815C8AA7FD}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{AAAFDCD3-30F7-488C-85FA-F5BDFF21FACE}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C864FB26-F00A-4CA7-AE43-150D73EF9087}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{CE6DFEC4-B33C-4331-99A6-78DBCEACEA78}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{D1DBDF00-7BDA-425B-A013-559A5A4A73A9}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"TCP Query User{E638D3F5-6A54-4914-8A4D-9D3BFFFB679D}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{F07A9F3F-3B59-4A32-BAEC-8719D08E9775}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{027538B0-95AA-489C-B651-C404BECC5AF3}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{1279B5A3-8C65-437B-A337-A2ED94C6D302}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{1F71C1D3-B25E-45FA-982E-D9D294E03161}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{21D4A274-70B1-4909-8F2F-B238DC30E620}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{2CCCA589-1607-40E2-9889-A65992623FFC}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{47E981A9-385C-4E07-8C7D-272D4DA20838}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{604BB9A7-EED1-4F3F-BDEC-7332FC1F0881}C:\program files\cyberlink\powerdvd10\powerdvd10.exe" = protocol=17 | dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd10.exe |
"UDP Query User{A636900A-1C1D-4C1B-8AAE-398102D56C66}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{C5164BAE-39B2-4EE3-AF9C-6AA1E362AB16}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{C956B007-22AD-45A4-82BE-D1531A7CDBD1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CED25D50-39C0-4251-8AB2-6F7ACC0D6DE6}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"UDP Query User{E2527991-293C-4A03-9600-C0958FF387C2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F92434F0-3928-4D89-883D-9EFE1AB27E98}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{FE92C67F-BB6C-4F4B-BFC6-90943FC78FFC}C:\vistakompatibel\ccsaddon\carcassonne.exe" = protocol=17 | dir=in | app=c:\vistakompatibel\ccsaddon\carcassonne.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD & 3D Advisor 2.0
"{3118E461-1976-4F6A-97B4-B655F3AAB263}" = Wertpapieranalyse 2009
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5
"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{763231D7-2E4E-44D6-8FC2-6A0C7EDCE3B6}" = DDBAC
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}" = Quicken Import Export Server 2010
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC3A65A-03B0-428A-A216-075687AA0F3F}" = Carcassonne Add-On
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1061D9F-AC15-4762-8E95-C4F19BEAE34B}" = Carcassonne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D05B0ED7-7C10-49C2-990C-8D984197C1B4}" = The Book of Unwritten Tales
"{D41848C0-C173-4CA1-A92E-3F2C50C2364E}" = Steganos Safe 2007
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"A Vampyre Story" = A Vampyre Story
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AstrumNival Allods" = Allods Online 2.0.02.67
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Black Mirror 2_is1" = Black Mirror 2
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Dr. Hardware 2009_is1" = Dr. Hardware 2009 9.9.2d
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"EADM" = EA Download Manager
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download 2.10
"GamesBar" = GamesBar 2.0.1.78
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken Deluxe 2010
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"iPhone_Backup_Switch_1.0" = iPhone Backup Switch
"Luxor Quest for the Afterlife_is1" = Luxor Quest for the Afterlife de
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotos auf CD & DVD 9 deluxe Download-Version D" = MAGIX Fotos auf CD & DVD 9 deluxe Download-Version 9.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Slideshow Maker D" = MAGIX Slideshow Maker 1.0.1.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MMM MultiMediaManufaktur Beach Blox" = Beach Blox
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 35700" = Trine
"SystemRequirementsLab" = System Requirements Lab
"Trine_is1" = Trine
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Venetica_is1" = Venetica
"WhiteCap" = WhiteCap
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SugarSync" = SugarSync Manager
"UnityWebPlayer" = Unity Web Player
"Wizard101(DE)_is1" = Wizard101(DE)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:49:59 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

Error - 02.12.2010 10:50:00 | Computer Name = Michael-PC | Source = OviSuite | ID = 1
Description =

[ System Events ]
Error - 16.12.2011 17:57:39 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.12.2011 um 11:06:25 unerwartet heruntergefahren.

Error - 16.12.2011 17:58:47 | Computer Name = Michael-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "BOOT" aus.

Error - 16.12.2011 17:58:47 | Computer Name = Michael-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "BOOT" aus.

Error - 16.12.2011 17:59:06 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.12.2011 01:55:54 | Computer Name = Michael-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 17.12.2011 01:56:48 | Computer Name = Michael-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x80508001 Fehlerbeschreibung: Aufgrund eines Problems
konnte das Programm nicht gestartet werden. Installieren Sie alle verfügbaren Updates,
und starten Sie das Programm erneut. Informationen über die Installation von Updates
erhalten Sie unter Hilfe und Support. Ladende Signaturen: %%825 Ladene Signaturversion:
1.117.953.0 Ladende Modulversion: 1.1.7903.0

Error - 17.12.2011 01:56:50 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18.12.2011 13:47:22 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18.12.2011 17:20:13 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19.12.2011 11:45:15 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Und nun die gmer.txt:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-20 07:46:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ST6O
Running: p25vwnrw.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uxliifow.sys


---- System - GMER 1.0.15 ----

SSDT 8CA8A68E ZwCreateSection
SSDT 8CA8A693 ZwSetContextThread
SSDT 8CA8A62F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 828B1998 4 Bytes [8E, A6, A8, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 828B1CF0 4 Bytes [93, A6, A8, 8C] {XCHG EBX, EAX; CMPSB ; TEST AL, 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 621 828B1DA4 4 Bytes [2F, A6, A8, 8C] {DAS ; CMPSB ; TEST AL, 0x8c}
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA236369D]
.text C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl section is writeable [0xA3CFC000, 0x2BE8, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl entry point in ".vmp2" section [0xA3D1E666]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Sorry, wenn ich etwas falsch gemacht habe, aber selbst mit Euren tollen Anleitungen ist diese Sache für mich nicht so ganz einfach.

Vielen Dank !

Alt 20.12.2011, 22:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Zitat:
Auf Eure Seite aufmerksam gemacht, habe ich nun das empfohlene Programm von Malware Bytes laufen lassen und der letzte komplette Scan hat nichts mehr angezeigt.
Bitte alle Logs davon poste
__________________

__________________

Alt 21.12.2011, 06:43   #3
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hier kommt das Einzige Log, was ich noch habe. Ich lasse das Programm heute abend nochmals laufen, denn dies scheint der Quick Scan zu sein. Bei dem kompletten wurden aber keine Funde angezeigt.

Gruß
Oldive

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8384

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

17.12.2011 10:25:54
mbam-log-2011-12-17 (10-25-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177126
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 21.12.2011, 10:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 16:28   #5
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hallo, Arne,

hier die Logs, das Aktuellste von eben zuerst, danach alle, die das Prg. erstellt hat. Danke, für den Hinweis, dass die dort gespeichert sind:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 911122104

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21.12.2011 16:03:03
mbam-log-2011-12-21 (16-03-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 444771
Laufzeit: 1 Stunde(n), 25 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8393

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

19.12.2011 00:03:20
mbam-log-2011-12-19 (00-03-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 444104
Laufzeit: 1 Stunde(n), 39 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8393

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.12.2011 22:17:26
mbam-log-2011-12-18 (22-17-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 444167
Laufzeit: 1 Stunde(n), 26 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\steganos safe 2007\dllregister.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.





Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8384

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

17.12.2011 10:54:09
mbam-log-2011-12-17 (10-54-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 124614
Laufzeit: 25 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8384

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

17.12.2011 10:25:54
mbam-log-2011-12-17 (10-25-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177126
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Das ist Alles, was ich habe. Besten Dank !

Oldive


Alt 21.12.2011, 17:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> BKA Trojaner - UKash Aufforderung

Alt 22.12.2011, 15:21   #7
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hallo, Arne !

Hier das aktuelle Log-File:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 12:03:51
# local_time=2011-12-22 01:03:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 275383 61038939 268046 0
# compatibility_mode=4096 16777215 100 0 74963793 74963793 0 0
# compatibility_mode=5892 16776637 100 100 31325 162034846 0 0
# compatibility_mode=8192 67108863 100 0 3797 3797 0 0
# scanned=280067
# found=8
# cleaned=0
# scan_time=10113
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4b7f4ede-4c0f4041 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 09:09:09
# local_time=2011-12-22 10:09:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 307684 61071240 300347 0
# compatibility_mode=4096 16777215 100 0 74996094 74996094 0 0
# compatibility_mode=5892 16776637 100 100 63626 162067147 0 0
# compatibility_mode=8192 67108863 100 0 36098 36098 0 0
# scanned=287222
# found=8
# cleaned=0
# scan_time=10529
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4b7f4ede-4c0f4041 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I


Besten Dank, Oldive

Alt 22.12.2011, 18:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Zitat:
C:\Users\Michael\Downloads\registrybooster.exe
Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.


Zitat:
C:\Users\Michael\Downloads\SoftonicDownloader
Bitte nicht falsch verstehen, aber irgendwie hab ich den Eindruck es ist ein Volkssport geworden sich sämtlichen Kram von Softonic zu laden. Da ist immer irgendein Müll wie Toolbars oder der sinnlose Softonic Downloader drin. Warum lädst du die Software nicht von der Seite des Herstellers oder notfalls bei chip.de?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.12.2011, 23:38   #9
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hallo, Arne,

um ehrlich zu sein, ich weiß nicht mal, ob ich diese Programme selber geladen habe... Ich bewege mich eher auf der ganz oberflächlichen Ebene von Windows, ok ?

Kann sein, dass andere Benutzer, die Zugang zu meinem Computer haben, das getan haben, keine Ahnung. Was soll ich nun machen, darf ich diesen Computer wieder nutzen oder muss ich weitere Schritte unternehmen ?

Danke, Oldive

Alt 23.12.2011, 10:16   #10
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



P.S. Zunächst möchte ich mich für die schnelle und professionelle Hilfe bei dir bedanken !

Zum Abschluss bleiben noch einige Fragen offen:
1. Sollte ich die vor dir genannten Programme entfernen ? Tune up Ut. würde ich gern behalten.

2. Sind noch Maßnahmen bei meinem Rechner erforderlich oder kann ich ihn uneingeschränkt wieder nutzen ?

3. Empfiehlst du für die Zukunft weitere Programme zum Schutz ?

4. Muss/kann ich in dem einen Programm wieder re-enable drücken (wir hatten da Treiben ausgestellt).

Besten Dank für die Hilfe und ein Frohes Fest.

Oldive

Alt 23.12.2011, 17:23   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



TuneUp zieht sich - warum auch immer - fast durchgängig durch alle Logs hier, warum weiß ich nicht, denn TuneUp ist eigentlich der letzte Schrott => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.12.2011, 08:15   #12
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Frohe Weihnachen, Arne !

Hier kommt das Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.12.2011 23:57:07 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Michael\Desktop\Viren
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 63,97% Memory free
6,70 Gb Paging File | 5,46 Gb Available in Paging File | 81,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 517,50 Gb Free Space | 56,77% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.23 14:52:44 | 000,246,600 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011.12.23 14:52:44 | 000,218,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.12.19 18:09:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\Viren\OTL.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.11.11 09:44:32 | 012,210,176 | ---- | M] (SugarSync, Inc.) -- C:\Programme\SugarSync\SugarSyncManager.exe
PRC - [2011.09.14 14:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Programme\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.08.26 07:00:22 | 000,292,136 | ---- | M] (CyberLink) -- C:\Programme\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011.08.26 07:00:19 | 000,075,048 | ---- | M] (CyberLink) -- C:\Programme\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.08.24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Programme\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.16 14:58:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.23 13:13:10 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk10\PDAgentS1.exe
PRC - [2009.07.23 13:13:08 | 000,931,080 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2009.07.15 09:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.08 23:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.23 14:52:44 | 000,218,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2011.05.10 17:12:22 | 007,446,528 | ---- | M] () -- C:\Programme\SugarSync\QtGui4.dll
MOD - [2011.05.10 17:12:22 | 002,027,520 | ---- | M] () -- C:\Programme\SugarSync\QtCore4.dll
MOD - [2011.05.10 17:12:22 | 000,671,744 | ---- | M] () -- C:\Programme\SugarSync\QtNetwork4.dll
MOD - [2011.05.10 17:12:22 | 000,364,544 | ---- | M] () -- C:\Programme\SugarSync\QtXml4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (Boonty Games)
SRV - [2011.12.23 14:52:44 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.26 07:00:22 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.08.26 07:00:19 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.01.13 16:28:55 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.23 13:13:12 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009.07.23 13:13:08 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009.07.15 09:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.05.17 21:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.25 13:06:52 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/11/05 14:42:40] [Kernel | Auto | Running] -- C:\Programme\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 02:13:44 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.12 00:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.07.15 09:08:24 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.06.12 18:29:33 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.06.08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009.05.05 22:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.12.09 14:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.09.21 08:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.02.21 12:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER)
DRV - [2005.12.01 09:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\drhard.sys -- (drhard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={540DA3FE-6920-4852-B8B8-2946201A7B93}&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7B1dd0d0b1-f528-4fe9-b38d-32ba49dd12a0%7D&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&ds=tt014&v=9.0.0.22&lang=de&pr=sa&d=2011-12-23%2014%3A52%3A45"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B1dd0d0b1-f528-4fe9-b38d-32ba49dd12a0%7D&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&ds=tt014&v=8.0.0.40&lang=de&pr=sa&d=2011-12-23%2014%3A52%3A45&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.22 13:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.01 19:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.10 16:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.10 16:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.10 16:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.01 19:30:03 | 000,000,000 | ---D | M]
 
[2009.06.09 17:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.12.23 14:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions
[2011.12.23 14:53:35 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\avg@toolbar
[2011.02.11 16:47:56 | 000,000,000 | ---D | M] ([verify-U]-AVS) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de
[2011.12.23 14:52:43 | 000,003,741 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\avg-secure-search.xml
[2011.12.23 17:07:08 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-1.xml
[2009.04.02 07:30:18 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-10.xml
[2009.04.23 17:58:48 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-11.xml
[2009.04.29 07:08:48 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-12.xml
[2009.06.15 20:49:28 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-13.xml
[2009.07.25 22:35:30 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-14.xml
[2010.10.23 06:48:23 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-15.xml
[2010.10.29 06:30:27 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-16.xml
[2010.12.12 12:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-17.xml
[2008.04.17 15:44:20 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-2.xml
[2008.07.08 06:59:32 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-3.xml
[2008.07.12 09:52:42 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-4.xml
[2008.07.18 11:09:04 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-5.xml
[2008.11.15 12:33:58 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-6.xml
[2008.12.22 20:12:54 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-7.xml
[2009.02.07 19:52:18 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-8.xml
[2009.03.06 23:25:40 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-9.xml
[2008.02.19 17:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin.xml
[2011.11.10 21:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.16 08:02:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.06.25 07:54:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.10 21:56:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.12 20:11:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 20:11:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 20:11:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 20:11:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 20:11:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 20:11:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Programme\GamesBar\2.0.1.78\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\2.0.1.78\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Programme\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/Michael/Desktop/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/Michael/Desktop/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab (CUpdateAdvisorCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F18B27DE-BDCE-4084-B7BD-16EEBD280B7F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a9996dc-6143-11de-9098-00242178b75b}\Shell\AutoRun\command - "" = explorer.exe START.html
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {99B168DE-8DA4-6F22-BA9D-459F4388269B} - LightScribe Control Panel
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F06E315C-7414-9D2F-F43D-B03C6F9A869B} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.23 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Avira
[2011.12.23 17:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.23 17:40:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.23 17:40:18 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.23 17:40:18 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.23 17:40:18 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.23 17:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.23 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.23 14:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011.12.23 14:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011.12.23 14:52:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.23 14:51:52 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.12.23 14:51:52 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.21 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.20 19:18:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Viren
[2011.12.20 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.12.20 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.12.17 10:21:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011.12.17 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.17 10:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 10:21:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.17 10:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.10 16:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.12.10 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.12.10 16:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.10 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.10 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.24 22:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 23:38:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 23:38:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 23:21:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.23 18:43:14 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.23 18:43:13 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.23 17:44:06 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.23 17:44:06 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.23 17:44:06 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.23 17:44:06 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.23 17:40:47 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.23 17:39:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.23 17:38:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.23 17:38:38 | 3485,659,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 18:07:16 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011.12.16 22:57:38 | 000,480,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 09:14:09 | 000,002,631 | ---- | M] () -- C:\Users\Michael\Desktop\Microsoft Office Word 2007.lnk
[2011.12.15 17:39:37 | 000,002,633 | ---- | M] () -- C:\Users\Michael\Desktop\Microsoft Office Excel 2007.lnk
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.13 09:35:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.12.13 09:29:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.12.10 16:26:47 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.12.10 16:25:26 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.12.10 16:24:10 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.28 10:05:05 | 000,000,680 | ---- | M] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2011.11.28 10:03:10 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.11.24 22:23:06 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 17:40:47 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.19 18:07:16 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011.12.10 16:26:47 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.12.10 16:24:10 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.24 22:23:06 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.10.25 09:02:59 | 000,074,223 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010.09.04 13:06:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.02.08 17:30:00 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010.02.03 13:48:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.03 13:48:40 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.04 22:52:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.04 22:52:09 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.08 06:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2009.06.18 16:58:56 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.18 16:58:56 | 000,022,328 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PnkBstrK.sys
[2009.06.18 16:58:24 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.06.18 16:58:23 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.18 16:58:23 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.06.17 18:15:57 | 003,211,264 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009.06.09 17:38:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.09 17:36:36 | 000,054,272 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.09 17:21:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 17:21:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.02 14:28:23 | 000,000,030 | ---- | C] () -- C:\Windows\System32\drivers\version.dat
[2009.03.26 01:13:21 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.26 01:13:21 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.26 01:13:21 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.26 01:13:21 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.25 17:07:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.02 19:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 19:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 19:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,480,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.07.13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
 
========== LOP Check ==========
 
[2010.10.31 07:08:39 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2011.01.08 09:13:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2009.06.12 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Acronis
[2010.12.11 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Amazon
[2011.11.10 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BeachBlox
[2009.06.17 18:39:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DataDesign
[2011.12.23 17:41:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2010.10.26 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2010.10.26 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.08 17:29:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iolo
[2009.06.17 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lexware
[2010.01.11 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2010.12.01 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2010.11.22 10:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite
[2011.01.09 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Oberon Media
[2009.06.17 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2010.12.23 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ProtectDisc
[2010.02.03 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Samsung
[2010.12.02 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2009.09.28 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoundSpectrum
[2009.06.11 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Steganos
[2010.10.18 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\STRATO
[2009.06.12 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Games Company
[2009.06.09 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thunderbird
[2010.11.24 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2011.02.19 10:35:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
[2010.05.30 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010.12.19 11:57:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uniblue
[2010.05.03 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Unity
[2011.12.23 17:37:49 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.31 07:08:39 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2011.01.08 09:13:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2009.06.12 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Acronis
[2009.06.11 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe
[2010.12.11 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Amazon
[2011.10.20 08:13:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Apple Computer
[2011.12.23 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Avira
[2011.11.10 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BeachBlox
[2009.11.04 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Corel
[2011.11.05 14:43:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CyberLink
[2009.06.17 18:39:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DataDesign
[2011.12.23 17:41:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2010.10.26 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2010.10.26 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.06.09 07:52:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities
[2009.07.07 17:17:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\InstallShield
[2010.02.08 17:29:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iolo
[2009.06.17 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lexware
[2009.06.09 07:51:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia
[2010.01.11 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2011.12.17 10:21:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs
[2011.06.20 23:31:34 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2009.06.09 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2010.12.01 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2010.11.22 10:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite
[2010.12.23 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVIDIA
[2011.01.09 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Oberon Media
[2009.06.17 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2010.12.23 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ProtectDisc
[2010.02.03 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Samsung
[2009.06.18 17:59:11 | 000,000,000 | RH-D | M] -- C:\Users\Michael\AppData\Roaming\SecuROM
[2010.12.02 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2009.09.28 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoundSpectrum
[2009.06.11 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Steganos
[2010.10.18 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\STRATO
[2009.06.12 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Games Company
[2009.06.09 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thunderbird
[2010.11.24 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2011.02.19 10:35:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software
[2010.05.30 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010.12.19 11:57:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uniblue
[2010.05.03 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Unity
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.12.19 14:52:37 | 000,003,584 | R--- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009.12.13 10:59:08 | 000,004,710 | R--- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}\ARPPRODUCTICON.exe
[2009.07.11 16:34:50 | 000,010,134 | R--- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.02.03 14:08:11 | 000,069,632 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.10.08 23:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.10.08 23:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.08 23:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.08 23:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >
         
--- --- ---


Besten Dank, Oldive

Alt 24.12.2011, 15:03   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={540DA3FE-6920-4852-B8B8-2946201A7B93}&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7B1dd0d0b1-f528-4fe9-b38d-32ba49dd12a0%7D&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&ds=tt014&v=9.0.0.22&lang=de&pr=sa&d=2011-12-23%2014%3A52%3A45"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1dd0d0b1-f528-4fe9-b38d-32ba49dd12a0%7D&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&ds=tt014&v=8.0.0.40&lang=de&pr=sa&d=2011-12-23%2014%3A52%3A45&sap=ku&q="
[2011.02.11 16:47:56 | 000,000,000 | ---D | M] ([verify-U]-AVS) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de
[2011.12.23 14:52:43 | 000,003,741 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\avg-secure-search.xml
[2011.12.23 17:07:08 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-1.xml
[2009.04.02 07:30:18 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-10.xml
[2009.04.23 17:58:48 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-11.xml
[2009.04.29 07:08:48 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-12.xml
[2009.06.15 20:49:28 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-13.xml
[2009.07.25 22:35:30 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-14.xml
[2010.10.23 06:48:23 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-15.xml
[2010.10.29 06:30:27 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-16.xml
[2010.12.12 12:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-17.xml
[2008.04.17 15:44:20 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-2.xml
[2008.07.08 06:59:32 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-3.xml
[2008.07.12 09:52:42 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-4.xml
[2008.07.18 11:09:04 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-5.xml
[2008.11.15 12:33:58 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-6.xml
[2008.12.22 20:12:54 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-7.xml
[2009.02.07 19:52:18 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-8.xml
[2009.03.06 23:25:40 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-9.xml
[2008.02.19 17:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin.xml
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Programme\GamesBar\2.0.1.78\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\2.0.1.78\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a9996dc-6143-11de-9098-00242178b75b}\Shell\AutoRun\command - "" = explorer.exe START.html
[2010.10.31 07:08:39 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2010.12.19 11:57:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uniblue
[2011.01.09 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Oberon Media
@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
:Files
C:\Programme\Ask.com
C:\Programme\GamesBar
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.12.2011, 09:25   #14
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Moin, Arne !

Das Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "hxxp://isearch.avg.com?cid=%7B1dd0d0b1-f528-4fe9-b38d-32ba49dd12a0%7D&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&ds=tt014&v=9.0.0.22&lang=de&pr=sa&d=2011-12-23%2014%3A52%3A45" removed from browser.startup.homepage
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7B1dd0d0b1-f528-4fe9-b38d-32ba49dd12a0%7D&mid=b6f16f60637447d186ecd16d679c5ea8-4eef134359efce55d714de0e7ae09763f79b253c&ds=tt014&v=8.0.0.40&lang=de&pr=sa&d=2011-12-23%2014%3A52%3A45&sap=ku&q=" removed from keyword.URL
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de\skin\img folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de\skin folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de\META-INF folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de\locale\de-DE folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de\locale folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de\content folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\qwg3d7r0.default\extensions\verify-u@cybits.de folder moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\avg-secure-search.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
C:\Programme\GamesBar\2.0.1.78\oberontb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
File C:\Programme\GamesBar\2.0.1.78\oberontb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a9996dc-6143-11de-9098-00242178b75b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a9996dc-6143-11de-9098-00242178b75b}\ not found.
File explorer.exe START.html not found.
C:\Users\Michael\AppData\Roaming\.# folder moved successfully.
C:\Users\Michael\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Michael\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Michael\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Michael\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Michael\AppData\Roaming\Uniblue folder moved successfully.
C:\Users\Michael\AppData\Roaming\Oberon Media\Search\SearchEngineProtection folder moved successfully.
C:\Users\Michael\AppData\Roaming\Oberon Media\Search folder moved successfully.
C:\Users\Michael\AppData\Roaming\Oberon Media folder moved successfully.
ADS C:\ProgramData\CLDShowX.ini:Update.CL deleted successfully.
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
File\Folder C:\Programme\GamesBar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 22669302 bytes
->Temporary Internet Files folder emptied: 211512866 bytes
->Java cache emptied: 1148154 bytes
->FireFox cache emptied: 145581820 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2883 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19167063 bytes
RecycleBin emptied: 2893283284 bytes
 
Total Files Cleaned = 3.141,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12252011_091855

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Danke, Gruß, Oldive

Alt 25.12.2011, 23:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu BKA Trojaner - UKash Aufforderung
alternate, antivir, audiograbber, avira, black, bonjour, c:\windows\system32\rundll32.exe, conduit, converter, device driver, document, druck, error, excel.exe, firefox, google, google earth, home, install.exe, intranet, kaspersky, logfile, malware, malware bytes, microsoft office word, mozilla thunderbird, mp3, nvlddmkm.sys, office 2007, otl-datei, programm, realtek, required, scan, security, security update, senden, software, starten, studio, system, trojaner, updates, version=1.0, vista, windows



Ähnliche Themen: BKA Trojaner - UKash Aufforderung


  1. WIN 7 64bit, schwedischer Ableger vom BKA Trojaner. U-Kash Aufforderung
    Plagegeister aller Art und deren Bekämpfung - 13.05.2014 (15)
  2. GVU / BKA Trojaner Win7, abgesicherter Modus m E-Aufforderung möglich
    Plagegeister aller Art und deren Bekämpfung - 10.07.2013 (17)
  3. Online-Banking Trojaner - Aufforderung zur TAN-Eingabe
    Log-Analyse und Auswertung - 01.07.2013 (19)
  4. Trojaner mit Aufforderung 100€ per Ukash - Win 7
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (37)
  5. Polizei Trojaner, Aufforderung zur Zalung
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (15)
  6. Bundestrojaner? UKash Aufforderung mit Systemstillegung
    Log-Analyse und Auswertung - 13.10.2012 (45)
  7. Polizei Trojaner mit Webcamfenster - Aufforderung zur Zahlung von 100€
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (6)
  8. Verschlüsselungs-Trojaner mit Aufforderung Geld zu überweisen
    Plagegeister aller Art und deren Bekämpfung - 16.06.2012 (29)
  9. Windows Trojaner mit 100 Euro U cash Aufforderung!
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  10. Verschlüsselungs-Trojaner eingefangen und Aufforderung zur Zahlung von 50 Euro
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (3)
  11. Windows Security Center UKash-Aufforderung
    Log-Analyse und Auswertung - 25.04.2012 (29)
  12. Trojaner der 'Bundespolizei' mit der Aufforderung 100€ zu zahlen
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (34)
  13. BKA Trojaner Aufforderung 100EUR zu beahlen
    Log-Analyse und Auswertung - 12.04.2012 (22)
  14. Trojaner - Aufforderung zur Zahlung von 100€ - Scananalysen
    Log-Analyse und Auswertung - 20.03.2012 (2)
  15. Rechner geloggt mit Aufforderung 50,- EUR über ukash zu bezahlen
    Log-Analyse und Auswertung - 24.12.2011 (21)
  16. Sparkassen-Trojaner ? Aufforderung zur Eingabe 100 TANs
    Plagegeister aller Art und deren Bekämpfung - 27.11.2011 (11)
  17. Trojaner Sparkasse Banking Aufforderung 20 TANs
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (13)

Zum Thema BKA Trojaner - UKash Aufforderung - Moin ! Ich hatte ein gesperrtes System und die angebliche Aufforderung des BKA, 100.- € zu zahlen. Weder Neustart noch ein Hochfahren des Computers mit eingeschränkten Rechten funktionierte. Nach Erstellen - BKA Trojaner - UKash Aufforderung...
Archiv
Du betrachtest: BKA Trojaner - UKash Aufforderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.