Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.12.2011, 10:24   #1
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Sehr geehrte Leser,

in der vorletzten Nacht habe ich mir ein Problem eingehandelt, das so oder so ähnlich auch qxFabixpe, DanyRibi und einige andere haben. Ich benutze Windows 7, Avira Antivir und als Browser Firefox. Als letztes Programm habe ich vor ein paar Tagen die web.de toolbar installiert (zur Freischaltung der Vergrößerung des Mailkontos einer Freundin), davor seit zwei oder drei Monaten nichts. In besagter Nacht habe ich einen .otr Film geladen.

Zuerst wurden die Suchergebnisse von google.de umgeleitet. Kurze Zeit später wurde die Seite mediashifting.com geöffnet. Da wollte ich zuerst den Virenscanner aktualisieren dann einen Scan machen. Darauf die Fehlermeldung „Planer nicht aktiviert“.

Als nächstes habe ich einen Scan mit Malwarebytes, dann mit ESET durchgeführt. Beide haben jeweils ca. 10 Probleme gefunden und gelöscht. Daraufhin habe ich Antivir komplett neu installiert und laut Anzeige (ca. „Ihr Computer ist jetzt wieder sicher“) ging alles wieder. Ein manuelles Update hat auch funktioniert. Dann ein kompletter Scan mit Antivier. Auch Antivir hatte noch einmal 4 Probleme gefunden und behoben und einen Neustart verlangt.

Nach dem Neustart ging die Updatefunktion von Antivir nicht mehr und nun war auch die Livescan-Funktion deaktiviert. Die Geschichte mit 95p.com und mediashiftig ist auch geblieben. Ich schreibe hier von einem anderen Rechner, da ich das offenbar hochtoxische Gerät erst mal vom Netzt genommen habe.

Für mich sieht das so aus, als ob hier ein relativ neues Problem vorliegt. Ich habe den Vorgang so ausführlich geschrieben, da ich keine Ahnung habe, was für Sie wichtig ist. Von den Hintergründen habe ich leider gar keine Ahnung, klare Schritt-für-Schritt Anleitungen bekomme ich aber in der Regel hin.

Über Ihre Hilfe würde ich mich sehr freuen. Soll ich den Rechner erst mal wieder ans Netzt nehmen und wie in den Grundregeln defogger und OTL installierten etc.?

Vielen Dank im Voraus und herzliche Grüße nach da draußen

Alt 29.12.2011, 10:30   #2
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

Rookit...

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 29.12.2011, 11:26   #3
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Lieber Chris,

Sie schickt der Himmel! Antivir funktioniert und der redirect ist auch hinfort!!! Nach ewigem wuseln nun nach 10 Minuten die Lösung.

Hier die Dateien:

TDSS

Code:
ATTFilter
10:51:45.0860 2640	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:51:45.0969 2640	============================================================
10:51:45.0969 2640	Current date / time: 2011/12/29 10:51:45.0969
10:51:45.0969 2640	SystemInfo:
10:51:45.0969 2640	
10:51:45.0969 2640	OS Version: 6.1.7600 ServicePack: 0.0
10:51:45.0969 2640	Product type: Workstation
10:51:45.0969 2640	ComputerName: LENOVO_LAPTOP
10:51:45.0969 2640	UserName: Raphael
10:51:45.0969 2640	Windows directory: C:\Windows
10:51:45.0969 2640	System windows directory: C:\Windows
10:51:45.0969 2640	Processor architecture: Intel x86
10:51:45.0969 2640	Number of processors: 2
10:51:45.0969 2640	Page size: 0x1000
10:51:45.0969 2640	Boot type: Normal boot
10:51:45.0969 2640	============================================================
10:51:47.0888 2640	Initialize success
10:52:13.0051 3028	============================================================
10:52:13.0051 3028	Scan started
10:52:13.0051 3028	Mode: Manual; 
10:52:13.0051 3028	============================================================
10:52:16.0374 3028	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
10:52:16.0389 3028	1394ohci - ok
10:52:16.0483 3028	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
10:52:16.0483 3028	ACPI - ok
10:52:16.0514 3028	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
10:52:16.0514 3028	AcpiPmi - ok
10:52:16.0561 3028	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:16.0577 3028	adp94xx - ok
10:52:16.0623 3028	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:52:16.0655 3028	adpahci - ok
10:52:16.0670 3028	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:52:16.0686 3028	adpu320 - ok
10:52:16.0779 3028	AF15BDA         (5b1ef06f0cdcf7ed33bd5d99e9421f02) C:\Windows\system32\DRIVERS\AF15BDA.sys
10:52:16.0795 3028	AF15BDA - ok
10:52:16.0873 3028	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
10:52:16.0904 3028	AFD - ok
10:52:16.0935 3028	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
10:52:16.0935 3028	agp440 - ok
10:52:16.0967 3028	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:52:16.0982 3028	aic78xx - ok
10:52:17.0013 3028	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
10:52:17.0029 3028	aliide - ok
10:52:17.0076 3028	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
10:52:17.0076 3028	amdagp - ok
10:52:17.0091 3028	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
10:52:17.0091 3028	amdide - ok
10:52:17.0123 3028	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:52:17.0123 3028	AmdK8 - ok
10:52:17.0185 3028	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:52:17.0201 3028	AmdPPM - ok
10:52:17.0247 3028	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
10:52:17.0247 3028	amdsata - ok
10:52:17.0279 3028	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:17.0279 3028	amdsbs - ok
10:52:17.0310 3028	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
10:52:17.0310 3028	amdxata - ok
10:52:17.0419 3028	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
10:52:17.0419 3028	AppID - ok
10:52:17.0481 3028	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:52:17.0481 3028	arc - ok
10:52:17.0497 3028	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:52:17.0513 3028	arcsas - ok
10:52:17.0544 3028	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:17.0544 3028	AsyncMac - ok
10:52:17.0575 3028	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
10:52:17.0575 3028	atapi - ok
10:52:17.0653 3028	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
10:52:17.0653 3028	avgntflt - ok
10:52:17.0700 3028	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
10:52:17.0700 3028	avipbb - ok
10:52:17.0731 3028	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
10:52:17.0731 3028	avkmgr - ok
10:52:17.0825 3028	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:52:17.0856 3028	b06bdrv - ok
10:52:17.0903 3028	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:52:17.0934 3028	b57nd60x - ok
10:52:17.0981 3028	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:52:17.0981 3028	Beep - ok
10:52:18.0027 3028	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:18.0027 3028	blbdrive - ok
10:52:18.0074 3028	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
10:52:18.0090 3028	bowser - ok
10:52:18.0105 3028	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:18.0121 3028	BrFiltLo - ok
10:52:18.0137 3028	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:18.0152 3028	BrFiltUp - ok
10:52:18.0183 3028	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:52:18.0199 3028	Brserid - ok
10:52:18.0230 3028	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:52:18.0246 3028	BrSerWdm - ok
10:52:18.0261 3028	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:52:18.0277 3028	BrUsbMdm - ok
10:52:18.0308 3028	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:52:18.0308 3028	BrUsbSer - ok
10:52:18.0371 3028	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
10:52:18.0386 3028	BthEnum - ok
10:52:18.0417 3028	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:52:18.0417 3028	BTHMODEM - ok
10:52:18.0480 3028	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
10:52:18.0480 3028	BthPan - ok
10:52:18.0558 3028	BTHPORT         (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
10:52:18.0636 3028	BTHPORT - ok
10:52:18.0714 3028	BTHUSB          (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
10:52:18.0714 3028	BTHUSB - ok
10:52:18.0776 3028	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:52:18.0792 3028	cdfs - ok
10:52:18.0854 3028	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
10:52:18.0870 3028	cdrom - ok
10:52:18.0932 3028	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:52:18.0948 3028	circlass - ok
10:52:18.0995 3028	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:52:19.0026 3028	CLFS - ok
10:52:19.0057 3028	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:52:19.0073 3028	CmBatt - ok
10:52:19.0088 3028	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
10:52:19.0088 3028	cmdide - ok
10:52:19.0119 3028	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
10:52:19.0135 3028	CNG - ok
10:52:19.0166 3028	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:52:19.0166 3028	Compbatt - ok
10:52:19.0197 3028	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:52:19.0213 3028	CompositeBus - ok
10:52:19.0244 3028	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:52:19.0244 3028	crcdisk - ok
10:52:19.0338 3028	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
10:52:19.0353 3028	CSC - ok
10:52:19.0431 3028	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
10:52:19.0447 3028	DfsC - ok
10:52:19.0463 3028	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:52:19.0463 3028	discache - ok
10:52:19.0509 3028	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:52:19.0509 3028	Disk - ok
10:52:19.0587 3028	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:52:19.0587 3028	drmkaud - ok
10:52:19.0650 3028	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
10:52:19.0665 3028	DXGKrnl - ok
10:52:19.0806 3028	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:52:19.0884 3028	ebdrv - ok
10:52:19.0962 3028	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:52:19.0977 3028	elxstor - ok
10:52:20.0009 3028	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
10:52:20.0009 3028	ErrDev - ok
10:52:20.0118 3028	esgiguard - ok
10:52:20.0180 3028	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:52:20.0196 3028	exfat - ok
10:52:20.0227 3028	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:52:20.0243 3028	fastfat - ok
10:52:20.0274 3028	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:52:20.0274 3028	fdc - ok
10:52:20.0305 3028	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:52:20.0321 3028	FileInfo - ok
10:52:20.0336 3028	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:52:20.0336 3028	Filetrace - ok
10:52:20.0352 3028	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:52:20.0367 3028	flpydisk - ok
10:52:20.0399 3028	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:52:20.0414 3028	FltMgr - ok
10:52:20.0461 3028	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:52:20.0461 3028	FsDepends - ok
10:52:20.0492 3028	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:52:20.0492 3028	Fs_Rec - ok
10:52:20.0555 3028	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
10:52:20.0586 3028	fvevol - ok
10:52:20.0617 3028	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:52:20.0617 3028	gagp30kx - ok
10:52:20.0711 3028	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:52:20.0711 3028	hcw85cir - ok
10:52:20.0789 3028	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
10:52:20.0804 3028	HdAudAddService - ok
10:52:20.0835 3028	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:52:20.0835 3028	HDAudBus - ok
10:52:20.0867 3028	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:52:20.0882 3028	HidBatt - ok
10:52:20.0913 3028	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:52:20.0929 3028	HidBth - ok
10:52:20.0960 3028	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:52:20.0960 3028	HidIr - ok
10:52:20.0991 3028	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
10:52:21.0007 3028	HidUsb - ok
10:52:21.0038 3028	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:52:21.0054 3028	HpSAMD - ok
10:52:21.0116 3028	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
10:52:21.0163 3028	HTTP - ok
10:52:21.0210 3028	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
10:52:21.0210 3028	hwpolicy - ok
10:52:21.0225 3028	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
10:52:21.0241 3028	i8042prt - ok
10:52:21.0272 3028	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys
10:52:21.0303 3028	iaStorV - ok
10:52:21.0553 3028	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:52:21.0818 3028	igfx - ok
10:52:21.0990 3028	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:52:21.0990 3028	iirsp - ok
10:52:22.0021 3028	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
10:52:22.0037 3028	intelide - ok
10:52:22.0068 3028	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:52:22.0068 3028	intelppm - ok
10:52:22.0099 3028	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:52:22.0115 3028	IpFilterDriver - ok
10:52:22.0130 3028	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:52:22.0130 3028	IPMIDRV - ok
10:52:22.0177 3028	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:52:22.0193 3028	IPNAT - ok
10:52:22.0224 3028	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:52:22.0224 3028	IRENUM - ok
10:52:22.0255 3028	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
10:52:22.0255 3028	isapnp - ok
10:52:22.0302 3028	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
10:52:22.0318 3028	iScsiPrt - ok
10:52:22.0364 3028	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:52:22.0364 3028	kbdclass - ok
10:52:22.0380 3028	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
10:52:22.0396 3028	kbdhid - ok
10:52:22.0427 3028	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
10:52:22.0442 3028	KSecDD - ok
10:52:22.0489 3028	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
10:52:22.0505 3028	KSecPkg - ok
10:52:22.0552 3028	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:52:22.0567 3028	lltdio - ok
10:52:22.0630 3028	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:52:22.0630 3028	LSI_FC - ok
10:52:22.0676 3028	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:52:22.0676 3028	LSI_SAS - ok
10:52:22.0723 3028	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:52:22.0723 3028	LSI_SAS2 - ok
10:52:22.0754 3028	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:52:22.0770 3028	LSI_SCSI - ok
10:52:22.0817 3028	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:52:22.0817 3028	luafv - ok
10:52:22.0848 3028	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:52:22.0848 3028	megasas - ok
10:52:22.0879 3028	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:52:22.0895 3028	MegaSR - ok
10:52:22.0926 3028	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:52:22.0926 3028	Modem - ok
10:52:22.0957 3028	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:52:22.0957 3028	monitor - ok
10:52:22.0973 3028	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:52:22.0988 3028	mouclass - ok
10:52:23.0020 3028	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:52:23.0020 3028	mouhid - ok
10:52:23.0051 3028	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
10:52:23.0051 3028	mountmgr - ok
10:52:23.0082 3028	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
10:52:23.0098 3028	mpio - ok
10:52:23.0113 3028	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:52:23.0129 3028	mpsdrv - ok
10:52:23.0144 3028	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
10:52:23.0160 3028	MRxDAV - ok
10:52:23.0207 3028	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:52:23.0222 3028	mrxsmb - ok
10:52:23.0238 3028	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:52:23.0269 3028	mrxsmb10 - ok
10:52:23.0285 3028	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:52:23.0300 3028	mrxsmb20 - ok
10:52:23.0316 3028	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
10:52:23.0316 3028	msahci - ok
10:52:23.0332 3028	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
10:52:23.0347 3028	msdsm - ok
10:52:23.0378 3028	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:52:23.0394 3028	Msfs - ok
10:52:23.0410 3028	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:52:23.0410 3028	mshidkmdf - ok
10:52:23.0441 3028	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
10:52:23.0441 3028	msisadrv - ok
10:52:23.0503 3028	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:52:23.0503 3028	MSKSSRV - ok
10:52:23.0519 3028	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:52:23.0534 3028	MSPCLOCK - ok
10:52:23.0566 3028	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:52:23.0566 3028	MSPQM - ok
10:52:23.0581 3028	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:52:23.0612 3028	MsRPC - ok
10:52:23.0628 3028	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:52:23.0628 3028	mssmbios - ok
10:52:23.0659 3028	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:52:23.0659 3028	MSTEE - ok
10:52:23.0675 3028	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:52:23.0675 3028	MTConfig - ok
10:52:23.0706 3028	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:52:23.0722 3028	Mup - ok
10:52:23.0768 3028	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:52:23.0800 3028	NativeWifiP - ok
10:52:23.0846 3028	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
10:52:23.0862 3028	NDIS - ok
10:52:23.0878 3028	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:52:23.0893 3028	NdisCap - ok
10:52:23.0924 3028	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:52:23.0924 3028	NdisTapi - ok
10:52:23.0971 3028	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
10:52:23.0971 3028	Ndisuio - ok
10:52:23.0987 3028	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
10:52:24.0002 3028	NdisWan - ok
10:52:24.0018 3028	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
10:52:24.0018 3028	NDProxy - ok
10:52:24.0143 3028	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:52:24.0158 3028	NetBIOS - ok
10:52:24.0190 3028	NetBT           (d6024d5ce4986119199a2a75fd3632db) C:\Windows\system32\DRIVERS\netbt.sys
10:52:24.0205 3028	Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: d6024d5ce4986119199a2a75fd3632db, Fake md5: dd52a733bf4ca5af84562a5e2f963b91
10:52:24.0205 3028	NetBT ( Rootkit.Win32.ZAccess.aml ) - infected
10:52:24.0205 3028	NetBT - detected Rootkit.Win32.ZAccess.aml (0)
10:52:24.0392 3028	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
10:52:24.0548 3028	netw5v32 - ok
10:52:24.0736 3028	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:52:24.0751 3028	nfrd960 - ok
10:52:24.0782 3028	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:52:24.0798 3028	Npfs - ok
10:52:24.0829 3028	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:52:24.0845 3028	nsiproxy - ok
10:52:24.0923 3028	Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
10:52:25.0016 3028	Ntfs - ok
10:52:25.0063 3028	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:52:25.0063 3028	Null - ok
10:52:25.0110 3028	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
10:52:25.0126 3028	nvraid - ok
10:52:25.0188 3028	nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
10:52:25.0188 3028	nvstor - ok
10:52:25.0204 3028	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
10:52:25.0219 3028	nv_agp - ok
10:52:25.0250 3028	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
10:52:25.0250 3028	ohci1394 - ok
10:52:25.0297 3028	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:52:25.0313 3028	Parport - ok
10:52:25.0360 3028	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
10:52:25.0360 3028	partmgr - ok
10:52:25.0406 3028	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:52:25.0406 3028	Parvdm - ok
10:52:25.0453 3028	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
10:52:25.0453 3028	pci - ok
10:52:25.0500 3028	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
10:52:25.0500 3028	pciide - ok
10:52:25.0547 3028	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:52:25.0562 3028	pcmcia - ok
10:52:25.0594 3028	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:52:25.0594 3028	pcw - ok
10:52:25.0640 3028	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:52:25.0672 3028	PEAUTH - ok
10:52:25.0781 3028	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:52:25.0781 3028	PptpMiniport - ok
10:52:25.0812 3028	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:52:25.0812 3028	Processor - ok
10:52:25.0874 3028	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:52:25.0874 3028	Psched - ok
10:52:25.0937 3028	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:52:25.0984 3028	ql2300 - ok
10:52:25.0999 3028	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:52:26.0015 3028	ql40xx - ok
10:52:26.0046 3028	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:52:26.0046 3028	QWAVEdrv - ok
10:52:26.0077 3028	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:52:26.0077 3028	RasAcd - ok
10:52:26.0124 3028	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:52:26.0124 3028	RasAgileVpn - ok
10:52:26.0155 3028	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:52:26.0171 3028	Rasl2tp - ok
10:52:26.0202 3028	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:52:26.0218 3028	RasPppoe - ok
10:52:26.0249 3028	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:52:26.0249 3028	RasSstp - ok
10:52:26.0280 3028	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
10:52:26.0296 3028	rdbss - ok
10:52:26.0311 3028	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:52:26.0311 3028	rdpbus - ok
10:52:26.0342 3028	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:52:26.0342 3028	RDPCDD - ok
10:52:26.0405 3028	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
10:52:26.0405 3028	RDPDR - ok
10:52:26.0452 3028	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:52:26.0452 3028	RDPENCDD - ok
10:52:26.0483 3028	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:52:26.0483 3028	RDPREFMP - ok
10:52:26.0514 3028	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
10:52:26.0530 3028	RDPWD - ok
10:52:26.0576 3028	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
10:52:26.0576 3028	rdyboost - ok
10:52:26.0670 3028	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
10:52:26.0670 3028	RFCOMM - ok
10:52:26.0732 3028	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:52:26.0748 3028	rspndr - ok
10:52:26.0795 3028	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
10:52:26.0795 3028	s3cap - ok
10:52:26.0857 3028	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
10:52:26.0857 3028	sbp2port - ok
10:52:26.0888 3028	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
10:52:26.0904 3028	scfilter - ok
10:52:26.0966 3028	sdbus           (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
10:52:26.0966 3028	sdbus - ok
10:52:27.0013 3028	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:52:27.0029 3028	secdrv - ok
10:52:27.0076 3028	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:52:27.0076 3028	Serenum - ok
10:52:27.0107 3028	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:52:27.0122 3028	Serial - ok
10:52:27.0154 3028	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:52:27.0154 3028	sermouse - ok
10:52:27.0200 3028	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
10:52:27.0200 3028	sffdisk - ok
10:52:27.0247 3028	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:52:27.0247 3028	sffp_mmc - ok
10:52:27.0294 3028	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:52:27.0294 3028	sffp_sd - ok
10:52:27.0341 3028	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:52:27.0341 3028	sfloppy - ok
10:52:27.0388 3028	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
10:52:27.0388 3028	sisagp - ok
10:52:27.0434 3028	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:52:27.0434 3028	SiSRaid2 - ok
10:52:27.0450 3028	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:52:27.0466 3028	SiSRaid4 - ok
10:52:27.0481 3028	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:52:27.0497 3028	Smb - ok
10:52:27.0528 3028	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:52:27.0528 3028	spldr - ok
10:52:27.0622 3028	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
10:52:27.0668 3028	srv - ok
10:52:27.0715 3028	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
10:52:27.0746 3028	srv2 - ok
10:52:27.0809 3028	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:52:27.0809 3028	SrvHsfHDA - ok
10:52:27.0856 3028	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:52:27.0918 3028	SrvHsfV92 - ok
10:52:27.0949 3028	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
10:52:27.0980 3028	SrvHsfWinac - ok
10:52:28.0027 3028	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
10:52:28.0043 3028	srvnet - ok
10:52:28.0168 3028	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:52:28.0168 3028	ssmdrv - ok
10:52:28.0230 3028	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:52:28.0230 3028	stexstor - ok
10:52:28.0308 3028	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:52:28.0308 3028	storflt - ok
10:52:28.0339 3028	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
10:52:28.0355 3028	storvsc - ok
10:52:28.0386 3028	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:52:28.0386 3028	swenum - ok
10:52:28.0495 3028	Tcpip           (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
10:52:28.0542 3028	Tcpip - ok
10:52:28.0620 3028	TCPIP6          (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
10:52:28.0620 3028	TCPIP6 - ok
10:52:28.0651 3028	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
10:52:28.0667 3028	tcpipreg - ok
10:52:28.0698 3028	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
10:52:28.0698 3028	TDPIPE - ok
10:52:28.0729 3028	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
10:52:28.0745 3028	TDTCP - ok
10:52:28.0776 3028	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
10:52:28.0792 3028	tdx - ok
10:52:28.0823 3028	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
10:52:28.0823 3028	TermDD - ok
10:52:28.0901 3028	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:52:28.0901 3028	tssecsrv - ok
10:52:28.0948 3028	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
10:52:28.0948 3028	tunnel - ok
10:52:28.0963 3028	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:52:28.0979 3028	uagp35 - ok
10:52:29.0010 3028	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
10:52:29.0041 3028	udfs - ok
10:52:29.0104 3028	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:52:29.0119 3028	uliagpkx - ok
10:52:29.0182 3028	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
10:52:29.0197 3028	umbus - ok
10:52:29.0213 3028	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:52:29.0228 3028	UmPass - ok
10:52:29.0291 3028	usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
10:52:29.0291 3028	usbccgp - ok
10:52:29.0338 3028	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
10:52:29.0338 3028	usbcir - ok
10:52:29.0400 3028	usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
10:52:29.0400 3028	usbehci - ok
10:52:29.0431 3028	usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
10:52:29.0509 3028	usbhub - ok
10:52:29.0540 3028	usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
10:52:29.0540 3028	usbohci - ok
10:52:29.0572 3028	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:52:29.0572 3028	usbprint - ok
10:52:29.0634 3028	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:52:29.0634 3028	USBSTOR - ok
10:52:29.0665 3028	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
10:52:29.0665 3028	usbuhci - ok
10:52:29.0743 3028	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
10:52:29.0743 3028	usbvideo - ok
10:52:29.0821 3028	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:52:29.0821 3028	vdrvroot - ok
10:52:29.0868 3028	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:52:29.0884 3028	vga - ok
10:52:29.0915 3028	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:52:29.0915 3028	VgaSave - ok
10:52:29.0946 3028	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
10:52:29.0946 3028	vhdmp - ok
10:52:29.0993 3028	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
10:52:29.0993 3028	viaagp - ok
10:52:30.0024 3028	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:52:30.0024 3028	ViaC7 - ok
10:52:30.0071 3028	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
10:52:30.0086 3028	viaide - ok
10:52:30.0133 3028	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
10:52:30.0149 3028	vmbus - ok
10:52:30.0180 3028	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:52:30.0180 3028	VMBusHID - ok
10:52:30.0211 3028	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
10:52:30.0211 3028	volmgr - ok
10:52:30.0242 3028	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:52:30.0258 3028	volmgrx - ok
10:52:30.0289 3028	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
10:52:30.0305 3028	volsnap - ok
10:52:30.0336 3028	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:52:30.0336 3028	vsmraid - ok
10:52:30.0383 3028	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:52:30.0383 3028	vwifibus - ok
10:52:30.0445 3028	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:52:30.0445 3028	WacomPen - ok
10:52:30.0492 3028	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:30.0492 3028	WANARP - ok
10:52:30.0508 3028	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:30.0508 3028	Wanarpv6 - ok
10:52:30.0554 3028	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:52:30.0554 3028	Wd - ok
10:52:30.0601 3028	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:52:30.0617 3028	Wdf01000 - ok
10:52:30.0695 3028	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:52:30.0695 3028	WfpLwf - ok
10:52:30.0726 3028	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:52:30.0726 3028	WIMMount - ok
10:52:30.0788 3028	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:52:30.0788 3028	WmiAcpi - ok
10:52:30.0866 3028	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:52:30.0866 3028	ws2ifsl - ok
10:52:30.0913 3028	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:52:30.0913 3028	WSDPrintDevice - ok
10:52:30.0960 3028	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
10:52:30.0976 3028	WudfPf - ok
10:52:31.0007 3028	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:52:31.0007 3028	WUDFRd - ok
10:52:31.0069 3028	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:52:31.0132 3028	\Device\Harddisk0\DR0 - ok
10:52:31.0132 3028	MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
10:52:31.0288 3028	\Device\Harddisk1\DR2 - ok
10:52:31.0288 3028	Boot (0x1200)   (cf1970a99990a141d68ab8a941942eb6) \Device\Harddisk0\DR0\Partition0
10:52:31.0288 3028	\Device\Harddisk0\DR0\Partition0 - ok
10:52:31.0319 3028	Boot (0x1200)   (a76eb35fd143f30831fb86d63185e27a) \Device\Harddisk0\DR0\Partition1
10:52:31.0334 3028	\Device\Harddisk0\DR0\Partition1 - ok
10:52:31.0366 3028	Boot (0x1200)   (8d9b352d9357148842acff734fddcf19) \Device\Harddisk0\DR0\Partition2
10:52:31.0366 3028	\Device\Harddisk0\DR0\Partition2 - ok
10:52:31.0366 3028	Boot (0x1200)   (050e7189f6cfde5cd08a342cc6880901) \Device\Harddisk1\DR2\Partition0
10:52:31.0366 3028	\Device\Harddisk1\DR2\Partition0 - ok
10:52:31.0381 3028	============================================================
10:52:31.0381 3028	Scan finished
10:52:31.0381 3028	============================================================
10:52:31.0381 1108	Detected object count: 1
10:52:31.0381 1108	Actual detected object count: 1
10:54:12.0610 1108	Backup copy found, using it..
10:54:12.0656 1108	C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
10:54:14.0029 1108	C:\Windows\System32\c_63923.nls - will be deleted on reboot
10:54:15.0012 1108	NetBT ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
         
und nun extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.12.2011 11:05:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Raphael\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 73,04% Memory free
5,92 Gb Paging File | 5,08 Gb Available in Paging File | 85,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,86 Gb Total Space | 108,54 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive D: | 980,72 Mb Total Space | 958,77 Mb Free Space | 97,76% Space Free | Partition Type: FAT
Drive Q: | 9,77 Gb Total Space | 3,00 Gb Free Space | 30,70% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,65 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO_LAPTOP | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{BEEDEC2C-D33F-4FEF-8692-A5CCE6FF6835}" = hppTLBXFXCP1520
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}" = HPLaserJetHelp_LearnCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE6DB3B1-C754-405D-BCAB-F4F9C765BF35}" = hppCP1520LaserJetService
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cinergy T Stick MKII" = Cinergy T Stick MKII V9.06.3.01
"ESET Online Scanner" = ESET Online Scanner v3
"FlashGet 3.3" = FlashGet 3.3
"FlashGet(JetCar)" = FlashGet(JetCar)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Online TV Player 3_is1" = Online TV Player 5
"Videoload Manager" = Videoload Manager 2.0.2200
"VLC media player" = VLC media player 1.1.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 05:06:38 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xd98  Startzeit der fehlerhaften Anwendung: 0x01ccc5400119520f  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 3f41a47e-3133-11e1-bbef-002269f701c6
 
Error - 28.12.2011 05:21:40 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xeb8  Startzeit der fehlerhaften Anwendung: 0x01ccc5421a2bb906  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 58dd4441-3135-11e1-bbef-002269f701c6
 
Error - 28.12.2011 05:23:48 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SH4SER~1.EXE, Version: 1.0.19.0, 
Zeitstempel: 0x4e930a80  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00452416  ID des fehlerhaften
 Prozesses: 0xa9c  Startzeit der fehlerhaften Anwendung: 0x01ccc54266441dda  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: a523ba3d-3135-11e1-bbef-002269f701c6
 
Error - 28.12.2011 05:24:54 | Computer Name = Lenovo_Laptop | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "SpyHunter 4 Service" konnte nicht neu
 gestartet werden.
 
Error - 28.12.2011 11:33:31 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x9d0  Startzeit der fehlerhaften Anwendung: 0x01ccc5760c4a24ae  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 4b9de5b9-3169-11e1-905b-002269f701c6
 
Error - 28.12.2011 11:41:36 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x4a0  Startzeit der fehlerhaften Anwendung: 0x01ccc5772e3eb18f  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 6ca02504-316a-11e1-bb66-002269f701c6
 
Error - 28.12.2011 11:56:38 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x678  Startzeit der fehlerhaften Anwendung: 0x01ccc579479299c4  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 85fff41b-316c-11e1-bb66-002269f701c6
 
Error - 28.12.2011 12:01:37 | Computer Name = Lenovo_Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "MSN® Toolbar" konnte nicht heruntergefahren
 werden.
 
Error - 28.12.2011 16:55:23 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 12.1.0.18, 
Zeitstempel: 0x4e7ca198  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0040ce26  ID des fehlerhaften
 Prozesses: 0x5e4  Startzeit der fehlerhaften Anwendung: 0x01ccc5a2fa858ec9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Avira\AntiVir Desktop\avguard.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 424a9433-3196-11e1-a9c7-002269f701c6
 
Error - 29.12.2011 06:02:44 | Computer Name = Lenovo_Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel:
 0x4e7ca198  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0040ce26  ID des fehlerhaften Prozesses:
 0x5d0  Startzeit der fehlerhaften Anwendung: 0x01ccc610f95aff43  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Avira\AntiVir Desktop\sched.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 4013bc75-3204-11e1-a799-002269f701c6
 
[ System Events ]
Error - 17.10.2011 13:27:47 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 19.10.2011 09:06:52 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Bluetooth-Unterstützungsdienst erreicht.
 
Error - 19.10.2011 09:06:52 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 21.10.2011 16:57:24 | Computer Name = Lenovo_Laptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.10.2011 04:40:52 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SBSD Security Center Service erreicht.
 
Error - 24.10.2011 04:40:52 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 28.10.2011 18:11:11 | Computer Name = Lenovo_Laptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.11.2011 21:44:32 | Computer Name = Lenovo_Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 05.11.2011 05:21:30 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Bandoo Coordinator erreicht.
 
Error - 05.11.2011 05:21:30 | Computer Name = Lenovo_Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bandoo Coordinator" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
--- --- ---

[/code]

und nun noch otl.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.12.2011 11:05:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Raphael\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 73,04% Memory free
5,92 Gb Paging File | 5,08 Gb Available in Paging File | 85,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,86 Gb Total Space | 108,54 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive D: | 980,72 Mb Total Space | 958,77 Mb Free Space | 97,76% Space Free | Partition Type: FAT
Drive Q: | 9,77 Gb Total Space | 3,00 Gb Free Space | 30,70% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,65 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO_LAPTOP | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Raphael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Users\Raphael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\9be84470118f84e965ff0f142701efc6\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) --  File not found
SRV - (gupdatem) Google Update-Dienst (gupdatem) --  File not found
SRV - (gupdate) Google Update Service (gupdate) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F C3 24 B6 F3 D8 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.6.4
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 12:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 12:03:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Raphael\AppData\Roaming\5053 [2011.12.07 08:41:27 | 000,000,000 | ---D | M]
 
[2011.09.22 03:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2011.12.19 14:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\orc23auv.default\extensions
[2011.06.19 04:23:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\orc23auv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.19 14:27:17 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\orc23auv.default\extensions\toolbar@web.de
[2011.08.04 16:43:55 | 000,002,501 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\orc23auv.default\searchplugins\SearchResults.xml
[2011.12.28 16:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.02 19:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.02 19:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.07 08:41:27 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\RAPHAEL\APPDATA\ROAMING\5053
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.19 03:41:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.02.19 03:41:40 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.19 03:41:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.04 16:43:55 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.02.19 03:41:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.02.19 03:41:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Raphael\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Raphael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Raphael\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Raphael\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{279AA4D6-97C6-42BB-97AD-EAAB512E16ED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2D27C62-6423-4D21-A058-EB6E9F7F60AF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O32 - Unable to obtain root file information for disk S:\
O33 - MountPoints2\{060e9960-ea53-11e0-81c2-002269f701c6}\Shell - "" = AutoRun
O33 - MountPoints2\{060e9960-ea53-11e0-81c2-002269f701c6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 11:04:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2011.12.29 10:51:32 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raphael\Desktop\TDSSKiller.exe
[2011.12.29 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Avira
[2011.12.29 10:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.29 10:41:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.29 10:41:12 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.29 10:41:12 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.29 10:41:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.29 10:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.28 18:43:24 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\ElevatedDiagnostics
[2011.12.28 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.28 18:36:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Malwarebytes
[2011.12.28 16:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 16:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 16:35:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.28 10:24:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.28 09:45:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011.12.28 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011.12.28 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011.12.27 02:25:13 | 000,000,000 | -HSD | C] -- C:\Users\Raphael\AppData\Local\bb82545e
[2011.12.19 14:15:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.12.19 14:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 14:15:38 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 14:15:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 14:15:38 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.19 14:15:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.19 14:15:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.19 14:15:38 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.12.19 14:15:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.19 14:15:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 14:15:38 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.12.19 14:15:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.12.19 14:15:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 14:15:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.12.19 14:15:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.12.19 14:15:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.12.19 14:15:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.12.19 14:15:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.12.19 14:15:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.19 14:15:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.12.19 14:15:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.19 14:15:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.12.19 14:15:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.12.19 14:15:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.19 14:15:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.12.19 14:15:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.19 14:15:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.19 14:15:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 14:15:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.12.19 14:15:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.12.19 14:15:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.19 14:15:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.12.19 14:15:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.19 14:15:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.19 14:15:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.19 14:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2011.12.09 04:09:28 | 000,000,000 | ---D | C] -- C:\TEMP
[2011.12.09 04:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Documents\GPass
[2011.12.09 04:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\GPass
[2011.12.09 03:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online TV Player 5
[2011.12.09 03:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online TV Player 5
[2011.12.07 08:41:26 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\5053
[2011.12.07 08:41:15 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\xmldm
[2011.12.07 08:41:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\kock
[2011.12.03 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Muoh
[2011.12.03 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Adxyu
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 11:09:52 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 11:09:52 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 11:09:52 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 11:09:52 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.29 11:03:24 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.29 11:02:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 11:02:18 | 2384,900,096 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 10:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2011.12.29 10:50:57 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 10:50:57 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 10:41:25 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.29 10:20:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.28 22:26:26 | 087,262,320 | ---- | M] () -- C:\Users\Raphael\Desktop\avira_free_antivirus_de.exe
[2011.12.28 16:36:52 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.24 01:58:19 | 021,073,936 | ---- | M] () -- C:\Users\Raphael\Documents\vlc-1.1.11-win32.exe
[2011.12.23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raphael\Desktop\TDSSKiller.exe
[2011.12.19 14:15:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.12.19 14:15:38 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 14:15:38 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 14:15:38 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 14:15:38 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.19 14:15:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.19 14:15:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.19 14:15:38 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.12.19 14:15:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.19 14:15:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 14:15:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.12.19 14:15:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.12.19 14:15:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 14:15:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.12.19 14:15:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.12.19 14:15:38 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.12.19 14:15:38 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.12.19 14:15:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.12.19 14:15:38 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.19 14:15:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.12.19 14:15:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.19 14:15:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.12.19 14:15:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.12.19 14:15:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.19 14:15:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.12.19 14:15:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.19 14:15:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.19 14:15:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 14:15:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 14:15:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.12.19 14:15:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.12.19 14:15:38 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.19 14:15:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.12.19 14:15:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.19 14:15:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.19 14:15:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 04:09:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.09 03:35:20 | 000,000,010 | ---- | M] () -- C:\Windows\System32\810429tv4-test.jun
[2011.12.07 08:41:21 | 000,000,036 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.29 10:41:25 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.28 22:20:10 | 087,262,320 | ---- | C] () -- C:\Users\Raphael\Desktop\avira_free_antivirus_de.exe
[2011.12.28 16:36:34 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.19 14:15:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 14:13:37 | 000,002,006 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
[2011.12.09 03:35:20 | 000,000,010 | ---- | C] () -- C:\Windows\System32\810429tv4-test.jun
[2011.12.07 08:41:21 | 000,000,036 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res
[2011.03.05 15:00:00 | 000,000,292 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011.03.05 07:57:41 | 000,000,598 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011.03.05 07:57:25 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.03.03 01:20:04 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.03.03 01:20:04 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.03.03 01:20:04 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.03.03 01:20:04 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.09.16 10:44:52 | 000,003,235 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,292,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.01.03 01:09:18 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IrTbl.bin

< End of report >
         
--- --- ---

[end code]

Wer so was lesen kann, kann auch in der Matrix lesen ... Was meinen Sie, alles schön?

Herzliche Grüße
__________________

Alt 29.12.2011, 11:33   #4
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,


Fix für OTL
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2011.12.27 02:25:13 | 000,000,000 | -HSD | C] -- C:\Users\Raphael\AppData\Local\bb82545e
[2011.12.28 09:45:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011.12.07 08:41:26 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\5053
[2011.12.07 08:41:15 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\xmldm
[2011.12.07 08:41:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\kock
[2011.12.03 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Muoh
[2011.12.03 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Adxyu
[2011.12.07 08:41:21 | 000,000,036 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\blckdom.res


:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.12.2011, 12:07   #5
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Lieber Chris,

ich hoffe dies ist es:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\Raphael\AppData\Local\bb82545e\U folder moved successfully.
C:\Users\Raphael\AppData\Local\bb82545e folder moved successfully.
C:\sh4ldr folder moved successfully.
C:\Users\Raphael\AppData\Roaming\5053\components folder moved successfully.
C:\Users\Raphael\AppData\Roaming\5053 folder moved successfully.
C:\Users\Raphael\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Raphael\AppData\Roaming\kock folder moved successfully.
C:\Users\Raphael\AppData\Roaming\Muoh folder moved successfully.
C:\Users\Raphael\AppData\Roaming\Adxyu folder moved successfully.
C:\Users\Raphael\AppData\Roaming\blckdom.res moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Raphael
->Temp folder emptied: 485566369 bytes
->Temporary Internet Files folder emptied: 66796519 bytes
->Java cache emptied: 750969 bytes
->FireFox cache emptied: 97613134 bytes
->Flash cache emptied: 1353 bytes
 
User: Sue
->Temp folder emptied: 281478 bytes
->Temporary Internet Files folder emptied: 2857811 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1459293 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1207537 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 626,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_115842

Files\Folders moved on Reboot...
C:\Windows\temp\AVSETUP_4efa9388\  folder moved successfully.

Registry entries deleted on Reboot...
         
Wozu war das jetzt?

Herzliche Grüße!


Alt 29.12.2011, 13:20   #6
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

REst der lieben Besucher...

Bitte noch das MAM-Log posten...

chris
__________________
--> 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert

Alt 29.12.2011, 13:35   #7
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Lieber Chris,

ich bitte um Entschuldigung, hab' den Suchlauf jetzt gestartet. Dauert ein bischen. Möchstest Du auch den letzten Log zum Vergleich?

Alt 29.12.2011, 14:12   #8
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

ja, bitte...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.12.2011, 17:23   #9
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

hier der Log nach der Ausführung Deiner Anweisungen

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Raphael :: LENOVO_LAPTOP [Administrator]

29.12.2011 13:32:41
mbam-log-2011-12-29 (13-32-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376953
Laufzeit: 1 Stunde(n), 34 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Und so war es vorher:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Raphael :: LENOVO_LAPTOP [Administrator]

29.12.2011 09:22:31
mbam-log-2011-12-29 (09-22-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379190
Laufzeit: 1 Stunde(n), 11 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.

(Ende)
         
Herzliche Grüße!

Alt 29.12.2011, 18:23   #10
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

das Rootkit scheint jetzt tatsächlich vollständig erwischt worden zu sein... Hmm, sicherheitshalber lassen wir noch CureIT los...

Cureit
Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.12.2011, 18:38   #11
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Nachtrag,

nach einem Neustart habe ich noch einmal ein Update von Avira Free Antivirus versucht. Jetzt zeigt er wieder als Fehler an "Planer nicht gestartet". Der Echtzeitscanner zeigt aber "ON" an. Ich habe die Version 12.01.00.18

Der OTL log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.12.2011 18:28:53 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Raphael\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,23% Memory free
5,92 Gb Paging File | 4,63 Gb Available in Paging File | 78,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,86 Gb Total Space | 109,35 Gb Free Space | 38,12% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,00 Gb Free Space | 30,70% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,65 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO_LAPTOP | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Raphael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Users\Raphael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\HP\HPLJUT\HPLJUTSCH.exe (Hewlett Packard)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) --  File not found
SRV - (gupdatem) Google Update-Dienst (gupdatem) --  File not found
SRV - (gupdate) Google Update Service (gupdate) --  File not found
SRV - (AntiVirSchedulerService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F C3 24 B6 F3 D8 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.6.4
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 12:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 12:03:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Raphael\AppData\Roaming\5053
 
[2011.09.22 03:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2011.12.19 14:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\orc23auv.default\extensions
[2011.06.19 04:23:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\orc23auv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.19 14:27:17 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\orc23auv.default\extensions\toolbar@web.de
[2011.08.04 16:43:55 | 000,002,501 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\orc23auv.default\searchplugins\SearchResults.xml
[2011.12.28 16:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.02 19:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.02 19:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.19 03:41:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.02.19 03:41:40 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.19 03:41:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.04 16:43:55 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.02.19 03:41:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.02.19 03:41:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Raphael\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Raphael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Raphael\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Raphael\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{279AA4D6-97C6-42BB-97AD-EAAB512E16ED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2D27C62-6423-4D21-A058-EB6E9F7F60AF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O32 - Unable to obtain root file information for disk S:\
O33 - MountPoints2\{060e9960-ea53-11e0-81c2-002269f701c6}\Shell - "" = AutoRun
O33 - MountPoints2\{060e9960-ea53-11e0-81c2-002269f701c6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 11:58:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.29 11:04:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2011.12.29 10:51:32 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raphael\Desktop\TDSSKiller.exe
[2011.12.29 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Avira
[2011.12.29 10:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.29 10:41:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.29 10:41:12 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.29 10:41:12 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.29 10:41:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.29 10:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.28 18:43:24 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\ElevatedDiagnostics
[2011.12.28 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.28 18:36:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Malwarebytes
[2011.12.28 16:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 16:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 16:35:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.28 10:24:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.12.28 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011.12.28 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011.12.19 14:15:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.12.19 14:15:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 14:15:38 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 14:15:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 14:15:38 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.19 14:15:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.19 14:15:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.19 14:15:38 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.12.19 14:15:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.19 14:15:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 14:15:38 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.12.19 14:15:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.12.19 14:15:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 14:15:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.12.19 14:15:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.12.19 14:15:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.12.19 14:15:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.12.19 14:15:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.12.19 14:15:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.19 14:15:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.12.19 14:15:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.19 14:15:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.12.19 14:15:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.12.19 14:15:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.19 14:15:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.12.19 14:15:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.19 14:15:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.19 14:15:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 14:15:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.12.19 14:15:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.12.19 14:15:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.19 14:15:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.12.19 14:15:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.19 14:15:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.19 14:15:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.19 14:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2011.12.09 04:09:28 | 000,000,000 | ---D | C] -- C:\TEMP
[2011.12.09 04:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Documents\GPass
[2011.12.09 04:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\GPass
[2011.12.09 03:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online TV Player 5
[2011.12.09 03:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online TV Player 5
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 18:20:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.29 17:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.29 17:33:29 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 17:33:29 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 17:30:18 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 17:30:18 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 17:30:18 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 17:30:18 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.29 17:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 17:25:59 | 2384,900,096 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 10:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2011.12.29 10:41:25 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.28 22:26:26 | 087,262,320 | ---- | M] () -- C:\Users\Raphael\Desktop\avira_free_antivirus_de.exe
[2011.12.28 16:36:52 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.24 01:58:19 | 021,073,936 | ---- | M] () -- C:\Users\Raphael\Documents\vlc-1.1.11-win32.exe
[2011.12.23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raphael\Desktop\TDSSKiller.exe
[2011.12.19 14:15:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.12.19 14:15:38 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.19 14:15:38 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.19 14:15:38 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.19 14:15:38 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.19 14:15:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.12.19 14:15:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.19 14:15:38 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.12.19 14:15:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.19 14:15:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.19 14:15:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.12.19 14:15:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.12.19 14:15:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.19 14:15:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.12.19 14:15:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.12.19 14:15:38 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.12.19 14:15:38 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.12.19 14:15:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.12.19 14:15:38 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.19 14:15:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.12.19 14:15:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.19 14:15:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.12.19 14:15:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.12.19 14:15:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.19 14:15:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.12.19 14:15:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.12.19 14:15:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.19 14:15:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.19 14:15:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 14:15:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.19 14:15:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.12.19 14:15:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.12.19 14:15:38 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.19 14:15:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.12.19 14:15:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.19 14:15:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.19 14:15:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 04:09:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.09 03:35:20 | 000,000,010 | ---- | M] () -- C:\Windows\System32\810429tv4-test.jun
[1 C:\Users\Raphael\AppData\Roaming\*.tmp files -> C:\Users\Raphael\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.29 10:41:25 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.28 22:20:10 | 087,262,320 | ---- | C] () -- C:\Users\Raphael\Desktop\avira_free_antivirus_de.exe
[2011.12.28 16:36:34 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.19 14:15:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 14:13:37 | 000,002,006 | ---- | C] () -- C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
[2011.12.09 03:35:20 | 000,000,010 | ---- | C] () -- C:\Windows\System32\810429tv4-test.jun
[2011.03.05 15:00:00 | 000,000,292 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011.03.05 07:57:41 | 000,000,598 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011.03.05 07:57:25 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.03.03 01:20:04 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.03.03 01:20:04 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.03.03 01:20:04 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.03.03 01:20:04 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.09.16 10:44:52 | 000,003,235 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,292,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.01.03 01:09:18 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IrTbl.bin

< End of report >
         
Herzliche Grüße

Alt 29.12.2011, 18:49   #12
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

nur schon mal als Zwischenstand: Der Livescan von Antivir funktioniert, die aktualisierung aber nicht. Es ist also noch nicht alles OK. Jetzt erst mal CureIT ...

Alt 29.12.2011, 18:53   #13
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

die ist draufgegangen...
SRV - (AntiVirSchedulerService) -- File not found
Wobei...
Hmm...
Aber CureIT läuft ja... in einem anderen Thread hat pikanter Weise das liebe Teil sich über den AntiVirSchedulerService kopiert, da war das File auch nichtmehr zu finden ... und natürlich tat das update dann auch nicht...
Aber CureIT sollte das finden (zumindest bei einem Scan von CD aus)...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.12.2011, 19:07   #14
video7de
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

Dr. Web meldet infizierte Objekte in einem Archiv - soll ich wirkich erst mal nichts verschieben bzw nein für alle?

Alt 29.12.2011, 20:37   #15
Chris4You
 
95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Standard

95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert



Hi,

was für Archive? Sind normalerweise nicht ausführbar, außer Du packst die Dinge mal aus und startest sie... Your decision...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert
antivir, antivir guard nicht mehr aktivierbar, anzeige, avira, avira antivir, browser, computer, fehlermeldung, film, live, malwarebytes, mediashifting.com, neu, neustart, nicht mehr, problem, probleme, programm, rechner, redirect google search, scan, seite, suchergebnisse, update, virenscanner, wichtig, windows




Ähnliche Themen: 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert


  1. Google-Redirect und Sicherheitscenter-Dienst deaktiviert
    Log-Analyse und Auswertung - 25.11.2017 (12)
  2. McAfee Echtzeit-Scan deaktiviert sich automatisch
    Log-Analyse und Auswertung - 31.10.2015 (6)
  3. McAfee AntiVir Plus Echtzeit-Scan deaktiviert sich ständig
    Antiviren-, Firewall- und andere Schutzprogramme - 28.04.2014 (10)
  4. McAfee Echtzeit Scan deaktiviert, PC-Scan nicht möglich
    Log-Analyse und Auswertung - 01.11.2013 (7)
  5. Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu
    Log-Analyse und Auswertung - 07.08.2013 (25)
  6. McAfee Echtzeitscann deaktiviert , kein Scan möglich
    Log-Analyse und Auswertung - 06.06.2013 (15)
  7. McAfee Echtzeitscan deaktiviert und kein Scan möglich
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (17)
  8. Google Redirect Virus und Windows Sicherheitscenter deaktiviert und lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 10.03.2013 (16)
  9. Windows Sicherheitscenter deaktiviert sich von selbst und URL-Redirect bei Google Suchen
    Log-Analyse und Auswertung - 26.12.2012 (32)
  10. Google Suchergebnisse Redirect | Win7-Sicherheitscenter deaktiviert
    Log-Analyse und Auswertung - 16.12.2012 (10)
  11. McAffee deaktiviert den Echtzeit-Scan
    Log-Analyse und Auswertung - 10.10.2012 (3)
  12. Google-Redirect und Sicherheitscenter-Dienst deaktiviert
    Log-Analyse und Auswertung - 01.03.2012 (21)
  13. 95p.com redirect/ mediashiftig.com Öffnen sich
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (11)
  14. goingonearth Redirect & Windows Sicherheitscenter deaktiviert
    Log-Analyse und Auswertung - 21.06.2011 (24)
  15. Windows Update deaktiviert sich - Antivir Seiten gesperrt
    Log-Analyse und Auswertung - 03.10.2009 (29)
  16. Google redirect, firefox crash, avira antivir update nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 11.04.2009 (6)
  17. Google Redirect - Programme Schließen - Antivir deaktiviert sich - Rechner lahmt
    Log-Analyse und Auswertung - 02.03.2009 (1)

Zum Thema 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert - Sehr geehrte Leser, in der vorletzten Nacht habe ich mir ein Problem eingehandelt, das so oder so ähnlich auch qxFabixpe, DanyRibi und einige andere haben. Ich benutze Windows 7, Avira - 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert...
Archiv
Du betrachtest: 95p.com redirect/ mediashiftig.com / Antivir update und live scan deaktiviert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.