Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.03.2012, 15:20   #1
timgeorc
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



Hallo Forum!

Zunächst einmal ein großes Lob - habe hier schon viele gute Informationen und ich hoffe, dass mir jemand weiterhelfen kann ;-)

Plötzlich wurden alle Programme runtergefahren, ein Pseudo-System Check öffnete sich, viele Popups, keine Eingabe mehr möglich, aus das Ausführen des Taskmanagers ging nicht mehr. Nach einem Neustart war der komplette Desktop leer, alle Programme (Start-Menü) verschwunden, keine Eingabe mehr möglich. Auch im Dos-Modus über Konsole keine Ordner/Programme mehr.

Free AV und Windows eigene Scanner haben folgendes gefunden:

- TR/Crypt.PEPM.Gen
- EXP/CVE-2010-0840
- Java.Inject.U
- TR/Crypt.XPACK.Gen in SoftwareUpdate.exe
- TR/Crypt.XPACK.Gen in CE49.tmp

Bisher habe ich abgesehendie folgenden Programme laufen lassen:

-Defogger
-DDS
-GMER


DDS-Text
Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by tim at 1:15:47 on 2012-03-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2985.1002 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\system32\srvany.exe
c:\Windows\system32\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uStart Page = hxxp://www.google.de/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\tim\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [DFEPApplication] c:\program files\dell\feature enhancement pack\DFEPApplication.exe
mRun: [TdmNotify] c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\TdmNotify.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [LexwareInfoService] c:\program files\common files\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ACPW05EN] "c:\program files\acd systems\acdsee pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 213.191.92.86 62.109.123.7
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3} : DhcpNameServer = 213.191.92.86 62.109.123.7
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\142736F627D2731433631383F554B425 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\3516D636F6E6 : DhcpNameServer = 89.0.0.63
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\3736866FE686F6C6A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\75F4F4D4542514F5E45445 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F8DBC941-330C-4470-8F09-24C7E44A34EB} : NameServer = 193.189.244.225 193.189.244.206
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\windows\system32\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\7ninmsum.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=fw
FF - prefs.js: network.proxy.ftp - 108.62.148.233
FF - prefs.js: network.proxy.ftp_port - 19755
FF - prefs.js: network.proxy.http - 108.62.148.233
FF - prefs.js: network.proxy.http_port - 19755
FF - prefs.js: network.proxy.socks - 108.62.148.233
FF - prefs.js: network.proxy.socks_port - 19755
FF - prefs.js: network.proxy.ssl - 108.62.148.233
FF - prefs.js: network.proxy.ssl_port - 19755
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tim\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2012-1-5 20328]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-1-4 17904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-23 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-1-4 81920]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-3-23 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-3-23 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-23 74640]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2011-5-11 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2011-5-11 31648]
R2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\dell\feature enhancement pack\DFEPService.exe [2011-8-24 1568664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-1-10 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-5 112800]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-24 212944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-4 1997416]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2012-1-5 8192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-1-5 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\dell\dell data protection\access\advanced\wave\authentication manager\WaveAMService.exe [2011-7-1 1131520]
R2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-1-5 44144]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-1-5 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-1-5 33832]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-1-5 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-5-10 33896]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2012-1-5 268968]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-1-5 41088]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-1-5 7434240]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-1-5 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-1-5 63976]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-1-5 134144]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-31 201168]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-1-31 101120]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-1-5 132480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-21 126464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-1-5 139368]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-1-5 60904]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-21 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-10 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-23 23:52:15	--------	d-----w-	c:\users\tim\appdata\local\{FEFAFC49-B184-41C0-A871-5C71A3F12A93}
2012-03-23 23:51:09	--------	d-----w-	c:\users\tim\appdata\local\{08821E59-7892-4EAA-A1F7-5119AC2F7BA8}
2012-03-23 21:20:51	--------	d-----w-	c:\users\tim\appdata\roaming\Avira
2012-03-23 21:15:36	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-23 21:15:36	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-23 21:15:36	--------	d-----w-	c:\programdata\Avira
2012-03-23 21:15:36	--------	d-----w-	c:\program files\Avira
2012-03-23 11:45:35	--------	d--h--w-	c:\users\tim\appdata\roaming\MySEOSolution_DB_Dir
2012-03-23 11:45:31	--------	d--h--w-	c:\users\tim\appdata\local\MySEOSolution
2012-03-23 11:45:01	--------	d-----w-	c:\program files\Article Wizard
2012-03-23 09:42:21	--------	d--h--w-	c:\users\tim\appdata\local\{271870CF-448E-45AE-ADAF-24E6C25DD9D3}
2012-03-23 09:41:13	--------	d--h--w-	c:\users\tim\appdata\local\{80C75872-6458-4FDD-85F2-872AC216C186}
2012-03-23 08:46:08	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{ed53bb12-40c8-43c0-9af5-412feb0ce39d}\mpengine.dll
2012-03-22 21:16:46	--------	d--h--w-	c:\users\tim\appdata\local\{0F31B976-6470-4CDA-AB61-6EEAFD8B5DA2}
2012-03-22 21:16:35	--------	d--h--w-	c:\users\tim\appdata\local\{AE10FD9E-B7AA-4DD9-9429-F0D8AF7ECF01}
2012-03-22 09:16:12	--------	d--h--w-	c:\users\tim\appdata\local\{ACA94B5F-F5EE-4D38-BD0C-23E2B76B00BF}
2012-03-22 09:16:02	--------	d--h--w-	c:\users\tim\appdata\local\{0FF106DB-FDCF-4A36-85A5-E143421CA464}
2012-03-21 21:15:38	--------	d--h--w-	c:\users\tim\appdata\local\{87BF61A4-1BEF-434D-B77B-1AFDC1423516}
2012-03-21 09:15:17	--------	d--h--w-	c:\users\tim\appdata\local\{DB66502F-A12D-471F-89D0-2CDD4B5CDC8F}
2012-03-21 09:14:40	--------	d--h--w-	c:\users\tim\appdata\local\{086299ED-B6C4-4D03-8944-3FDAB5EE1CFE}
2012-03-20 20:45:40	--------	d--h--w-	c:\users\tim\appdata\local\{89784105-383F-479A-8D2D-FCFC253DD7BE}
2012-03-20 08:45:09	--------	d--h--w-	c:\users\tim\appdata\local\{2A120F72-14C2-4E6C-8AE3-6A9FBE90F23F}
2012-03-20 08:44:01	--------	d--h--w-	c:\users\tim\appdata\local\{63E822B4-FFDD-4204-A230-3C391B080AC1}
2012-03-19 20:22:54	--------	d--h--w-	c:\users\tim\appdata\local\{E1C86CA5-75F1-47E1-ABFD-7CD215FA519C}
2012-03-19 20:22:45	--------	d--h--w-	c:\users\tim\appdata\local\{3A38CCD4-BE0D-4E5E-BFAE-EE02FCF2266D}
2012-03-19 08:22:21	--------	d--h--w-	c:\users\tim\appdata\local\{DB96986A-90C8-4415-A142-F59E0EF194C8}
2012-03-19 08:20:45	--------	d--h--w-	c:\users\tim\appdata\local\{E6F2045E-0915-4F6B-9DE2-C67E840F9C06}
2012-03-18 13:08:29	--------	d--h--w-	c:\users\tim\appdata\local\{45580A3C-5A36-43D0-93C4-DB1097E6E8E7}
2012-03-18 13:08:19	--------	d--h--w-	c:\users\tim\appdata\local\{3753E0A4-F2F2-4A06-9CA1-17F2A8D8E88A}
2012-03-17 17:18:51	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 17:18:51	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-17 09:56:34	--------	d--h--w-	c:\users\tim\appdata\local\{B9E53D4C-C04B-4D26-B76E-72CF91D01485}
2012-03-17 09:54:59	--------	d--h--w-	c:\users\tim\appdata\local\{5DBA6D5D-1FCF-4FE3-B0D3-B5F2611F8E18}
2012-03-16 18:07:13	--------	d-----w-	c:\users\tim\appdata\local\ElevatedDiagnostics
2012-03-16 12:15:44	--------	d--h--w-	c:\users\tim\appdata\local\{BF4CBE36-31C9-44D7-B875-37C8D3479205}
2012-03-16 12:15:34	--------	d--h--w-	c:\users\tim\appdata\local\{80CAC4A6-B04D-4BA3-9167-C18E9FF4B919}
2012-03-15 23:37:39	--------	d--h--w-	c:\users\tim\appdata\local\{9A36813A-FD9C-41C1-A104-89DDD11564ED}
2012-03-15 23:37:29	--------	d--h--w-	c:\users\tim\appdata\local\{46C0BD45-A012-4F59-AE7E-DFB423D78EB5}
2012-03-15 10:36:24	--------	d--h--w-	c:\users\tim\appdata\local\{1AFC7E61-B75C-46FB-8DC2-4E14509ECA6A}
2012-03-15 10:34:48	--------	d--h--w-	c:\users\tim\appdata\local\{C5D4F8A9-F1F1-4E79-ADF0-B6C843A50CEC}
2012-03-14 12:32:00	--------	d-----w-	c:\windows\system32\appmgmt
2012-03-14 12:13:21	--------	d-----w-	c:\windows\system32\32bit
2012-03-14 11:36:24	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 11:36:24	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 11:32:21	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 11:32:20	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 11:31:51	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 11:31:51	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:31:51	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:31:50	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:31:49	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 11:31:49	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:29:02	--------	d--h--w-	c:\users\tim\appdata\local\{AA9E8203-F10E-451D-BFCF-3F9C0CB1F49F}
2012-03-14 11:28:51	--------	d--h--w-	c:\users\tim\appdata\local\{ED9E28F4-55E8-46FF-8187-2CD7435F3D70}
2012-03-13 09:17:42	--------	d--h--w-	c:\users\tim\appdata\local\{F517FB15-9A96-4D9B-BBA3-FD678B57EBC8}
2012-03-12 14:57:06	--------	d--h--w-	c:\users\tim\appdata\local\{5335B526-C3CC-43C1-9E0A-2A74C1FD64FF}
2012-03-12 14:56:55	--------	d--h--w-	c:\users\tim\appdata\local\{E4AA9C88-0C5D-4230-844C-4059EFCEFA59}
2012-03-10 11:26:45	--------	d--h--w-	c:\users\tim\appdata\local\{8E246D73-9CCC-4F26-A45D-B6ABDDC192E4}
2012-03-10 11:26:34	--------	d--h--w-	c:\users\tim\appdata\local\{E5CE3353-BC33-4878-9BA1-1283B5299E50}
2012-03-10 00:16:48	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-03-09 22:03:13	--------	d--h--w-	c:\users\tim\appdata\local\{7598CAA2-2F46-4C3F-A828-BBC2B8E22200}
2012-03-09 22:03:01	--------	d--h--w-	c:\users\tim\appdata\local\{ED4828B2-024A-4FD5-A9FB-24A60B37A25C}
2012-03-09 12:51:22	--------	d--h--w-	C:\Black
2012-03-09 10:02:28	--------	d--h--w-	c:\users\tim\appdata\local\{E6B01C48-1723-46CA-9731-17D5B678E83F}
2012-03-08 22:01:50	--------	d--h--w-	c:\users\tim\appdata\local\{1D32F748-3217-4EE9-A668-CCA6F81F58F3}
2012-03-08 10:01:10	--------	d--h--w-	c:\users\tim\appdata\local\{6DC01205-E85F-47EE-B5B1-2A94690358D6}
2012-03-08 10:00:57	--------	d--h--w-	c:\users\tim\appdata\local\{6E042693-057C-40D0-AE0F-006D227B44B4}
2012-03-07 21:10:02	--------	d--h--w-	c:\users\tim\appdata\local\{E5D1EFA8-E8A1-4AF5-AB4F-791C7C996881}
2012-03-07 09:09:28	--------	d--h--w-	c:\users\tim\appdata\local\{EC6A002E-6DAF-4249-976B-11215EB7624B}
2012-03-07 09:09:16	--------	d--h--w-	c:\users\tim\appdata\local\{86F45F20-359B-48DA-9FD3-BED0A3C8F45F}
2012-03-06 20:58:21	--------	d--h--w-	c:\users\tim\appdata\local\{6CF797DF-06AC-48D2-B457-FDFEB0DD7D2F}
2012-03-06 20:58:10	--------	d--h--w-	c:\users\tim\appdata\local\{13B5A5C2-01C7-4623-B653-F8F7032CCB02}
2012-03-06 08:57:33	--------	d--h--w-	c:\users\tim\appdata\local\{C1246D82-F5C7-4705-8800-42B2299BE262}
2012-03-06 08:57:22	--------	d--h--w-	c:\users\tim\appdata\local\{A699392E-0403-4548-AACC-3713158919D1}
2012-03-05 22:34:54	--------	d--h--w-	c:\users\tim\appdata\local\{97DF9F08-92EB-4BFC-9BB9-816E38B90E0C}
2012-03-05 19:57:25	--------	d--h--w-	c:\users\tim\appdata\roaming\DataDesign
2012-03-05 10:34:18	--------	d--h--w-	c:\users\tim\appdata\local\{0F922214-881D-459E-AF9A-29BCFD4FBB04}
2012-03-05 10:34:07	--------	d--h--w-	c:\users\tim\appdata\local\{81522F1E-AF6B-4FB3-A48E-D9DA98BB7BFE}
2012-03-02 09:26:58	--------	d--h--w-	c:\users\tim\appdata\local\{10248E99-FCD5-4DBC-BD8D-A2C88B8BB222}
2012-03-02 09:26:46	--------	d--h--w-	c:\users\tim\appdata\local\{A6DAB23E-0950-4836-BDD4-FAB2BF3D65B2}
2012-03-01 21:26:13	--------	d--h--w-	c:\users\tim\appdata\local\{2F467FBD-3EBE-4282-8C5D-8B88C2267795}
2012-03-01 21:26:02	--------	d--h--w-	c:\users\tim\appdata\local\{6308FC79-414A-4532-920F-81F430981621}
2012-03-01 09:44:04	131072	----a-w-	c:\windows\system32\DellSPMsg.dll
2012-03-01 09:25:32	--------	d--h--w-	c:\users\tim\appdata\local\{F94A49AB-B7FC-47C4-A20C-A0D6EFBCB36C}
2012-02-29 11:08:29	--------	d--h--w-	c:\users\tim\appdata\local\{748CC442-51FD-4FA0-A241-0A0E6CBA10FE}
2012-02-29 11:08:19	--------	d--h--w-	c:\users\tim\appdata\local\{0EDA4505-C612-477C-A70E-EAF717A42136}
2012-02-28 23:07:48	--------	d--h--w-	c:\users\tim\appdata\local\{03501109-3989-49CC-9303-490010641B9E}
2012-02-28 23:07:32	--------	d--h--w-	c:\users\tim\appdata\local\{58A09299-50FF-41AF-A282-BFA6423AE1DB}
2012-02-28 11:04:52	--------	d--h--w-	c:\users\tim\appdata\local\{35A9597E-5562-41E2-888A-DCAB973F061C}
2012-02-28 11:04:41	--------	d--h--w-	c:\users\tim\appdata\local\{80BBCC43-1885-4392-8F2E-A15402859A2F}
2012-02-27 23:04:08	--------	d--h--w-	c:\users\tim\appdata\local\{9C52CD55-1CBE-462D-BDC2-8DCC9C1A81F0}
2012-02-27 23:03:54	--------	d--h--w-	c:\users\tim\appdata\local\{D44D7871-94C5-4B7F-961A-67C8E6055433}
2012-02-27 11:03:18	--------	d--h--w-	c:\users\tim\appdata\local\{7694AC0F-5DC5-4BA7-AAE3-7477FA04321B}
2012-02-26 13:14:57	--------	d--h--w-	c:\users\tim\appdata\local\{7E602F4A-F8C8-4E38-801E-87669497DBAC}
2012-02-26 13:14:45	--------	d--h--w-	c:\users\tim\appdata\local\{D21EA966-0F3F-4FAE-AFED-C5DCE9FF22D7}
2012-02-25 12:11:30	--------	d--h--w-	c:\users\tim\appdata\local\{8CFA108B-66CA-4C3A-B836-000D7F938271}
2012-02-25 12:11:19	--------	d--h--w-	c:\users\tim\appdata\local\{BE3D9C9D-92A6-440E-BC7A-A4CD7D2C564B}
2012-02-25 00:10:49	--------	d--h--w-	c:\users\tim\appdata\local\{DE350CA9-4EE7-4EDF-A009-9AC17CF6067F}
2012-02-24 12:10:20	--------	d--h--w-	c:\users\tim\appdata\local\{A7874EA8-F078-4BC8-B59D-A32F381BAC3C}
2012-02-24 12:10:09	--------	d--h--w-	c:\users\tim\appdata\local\{C25BF937-C6DE-4CE8-B42A-548A298C212B}
2012-02-24 00:09:45	--------	d--h--w-	c:\users\tim\appdata\local\{8F27F645-3CED-4F33-B44E-4BAAD0635222}
2012-02-23 12:09:24	--------	d--h--w-	c:\users\tim\appdata\local\{C3CFB9F6-7EB8-47C3-9B19-6DFDA530F9D8}
.
==================== Find3M  ====================
.
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 09:45:53	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 12:28:16	0	----a-w-	c:\windows\invcol.tmp
2012-01-05 01:52:59	119808	----a-w-	c:\windows\system32\umpo.dll
2012-01-05 00:19:33	505128	----a-w-	c:\windows\system32\msvcp71.dll
2012-01-05 00:19:33	353576	----a-w-	c:\windows\system32\msvcr71.dll
2012-01-05 00:19:33	29480	----a-w-	c:\windows\system32\msxml3a.dll
2012-01-05 00:08:44	93224	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2012-01-05 00:08:44	33832	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2012-01-05 00:08:44	302120	----a-w-	c:\windows\system32\drivers\btwampfl.sys
2012-01-05 00:08:44	18728	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2012-01-05 00:08:44	114728	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2012-01-04 08:58:41	442880	----a-w-	c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56	478720	----a-w-	c:\windows\system32\timedate.cpl
.
============= FINISH:  1:16:08,03 ===============
         
Ich hoffe wirklich, dass mir hier jemand helfen kann - schon mal im voraus!

Alt 24.03.2012, 16:13   #2
markusg
/// Malware-holic
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



hi,
öffne avira, ereignisse, poste die fundmeldungen komplett.
falls es ein scan war, avira, berichte, kompletten scan bericht posten, den mit funden.
danach:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 24.03.2012, 19:16   #3
timgeorc
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



Hi Markus!

Danke für die Hilfe!!

Ereignisse aus Avira

Code:
ATTFilter
Exportierte Ereignisse:

24.03.2012 00:48 [System Scanner] Malware gefunden
      Die Datei 
      'C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\12e69ce6-739481d
      d'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Inject.U' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0070dd99.qua' 
      verschoben!

24.03.2012 00:48 [System Scanner] Malware gefunden
      Die Datei 
      'C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\65d69226-71ad306
      c'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0840' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '522c876c.qua' 
      verschoben!

24.03.2012 00:48 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\tim\Documents\GOLDPUNKT OMA\Arbeitsmaterialien\SEO 
      Tools\SBOX\Addons\sboutbound.sb'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.PEPM.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ab6af26.qua' 
      verschoben!

24.03.2012 00:48 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\tim\AppData\Local\Temp\CE49.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '23b0b888.qua' 
      verschoben!

24.03.2012 00:48 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\tim\AppData\Local\Temp\SoftwareUpdate.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6646959c.qua' 
      verschoben!
         
OTL

Code:
ATTFilter
OTL logfile created on: 24.03.2012 19:00:54 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\tim\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,82% Memory free
5,83 Gb Paging File | 4,37 Gb Available in Paging File | 75,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,28 Gb Total Space | 130,02 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
 
Computer Name: GOLDKISTE | User Name: tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.24 18:58:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.01.05 02:53:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.01.03 08:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011.08.24 23:15:32 | 001,568,664 | ---- | M] (Dell Inc.) -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe
PRC - [2011.08.24 23:15:20 | 006,306,712 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe
PRC - [2011.08.10 16:39:48 | 001,313,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2011.08.10 16:39:48 | 000,412,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.07.25 16:43:18 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011.07.21 00:09:46 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2011.07.01 20:28:34 | 001,131,520 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
PRC - [2011.06.29 17:51:24 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.06.05 06:20:20 | 000,803,944 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.28 00:39:28 | 002,605,424 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2011.05.28 00:39:18 | 000,214,384 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
PRC - [2011.05.11 07:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2011.05.11 07:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2011.04.13 20:41:22 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.08 22:52:08 | 000,227,328 | -H-- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2011.02.24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.08 07:48:18 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011.01.25 10:57:18 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2011.01.25 10:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.12.23 21:04:26 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.12.23 21:04:10 | 001,210,640 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010.12.23 20:55:44 | 000,577,536 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe
PRC - [2010.12.23 20:48:40 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010.09.15 18:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\System32\SDIOAssist.exe
PRC - [2010.07.07 22:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2010.05.31 23:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2010.03.12 17:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2009.03.03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
PRC - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 10:43:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll
MOD - [2012.02.16 10:36:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.16 10:35:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.16 10:35:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.16 10:35:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 10:35:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.16 10:35:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.16 10:35:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.26 13:29:55 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2012.01.05 02:52:59 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.04 17:58:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.07.25 16:43:18 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011.06.10 19:36:34 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.06.05 16:22:00 | 000,004,096 | ---- | M] () -- C:\Programme\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011.05.05 00:04:04 | 000,355,432 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011.05.05 00:04:02 | 001,558,120 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nView.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.21 01:45:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.10 13:30:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.10 22:11:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.24 23:15:32 | 001,568,664 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.07.01 20:28:34 | 001,131,520 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV - [2011.06.29 17:51:24 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.28 00:39:28 | 002,605,424 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.05.24 22:13:38 | 001,508,232 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2011.05.11 07:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2011.05.11 07:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011.02.17 16:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2011.02.08 07:48:18 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.01.25 10:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.12.23 21:04:26 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.12.23 20:55:44 | 000,577,536 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) Intel(R)
SRV - [2010.12.23 20:48:40 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.09.22 23:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 21:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011.07.20 18:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R)
DRV - [2011.07.19 23:24:20 | 000,011,008 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HBtnKey.sys -- (HBtnKey)
DRV - [2011.07.15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011.06.05 16:22:00 | 010,581,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.06.05 16:22:00 | 000,020,328 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2011.05.26 19:50:30 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011.05.10 21:05:48 | 000,033,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2011.05.10 11:41:30 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.03.23 22:50:58 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2011.01.25 10:57:18 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011.01.04 23:41:58 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)
DRV - [2011.01.04 22:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2010.12.21 20:07:44 | 007,434,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.20 03:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.07.21 20:13:40 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2010.02.27 01:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.16 23:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{D633CD86-8500-4D76-AFF1-2B31A057F4A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AE420E34-B413-4D93-ACC3-279F27852A26}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.01.10 22:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.17 18:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.17 18:03:01 | 000,000,000 | ---D | M]
 
[2012.02.08 14:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tim\AppData\Roaming\Mozilla\Extensions
[2012.02.08 14:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tim\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012.03.13 17:50:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions
[2012.03.13 17:50:41 | 000,000,000 | -H-D | M] (FireShot) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.01.26 10:21:39 | 000,000,000 | -H-D | M] (TradeManager-Plugin) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2012.01.26 10:21:40 | 000,000,000 | -H-D | M] ("OutWit Kernel") -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2012.01.26 10:21:42 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.03.13 16:04:26 | 000,000,000 | -H-D | M] (FT DeepDark) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.01.26 10:21:18 | 000,000,000 | -H-D | M] ("OutWit Hub") -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\base-outfit@outwit.com
[2012.01.26 10:21:27 | 000,000,000 | -H-D | M] (Delicious Extension) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\delicious@vjkarunapg.com
[2012.01.26 10:21:28 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\DeviceDetection@logitech.com
[2012.01.26 10:21:35 | 000,000,000 | -H-D | M] ("Xmarks") -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\foxmarks@kei.com
[2012.01.26 10:21:35 | 000,000,000 | -H-D | M] (Page Ruler) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\jid1-g0J5YenAv9JWlA@jetpack
[2012.01.26 10:21:37 | 000,000,000 | -H-D | M] (Linky) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\linky@gemal.dk
[2012.01.26 10:21:37 | 000,000,000 | -H-D | M] ([verify-U]-AVS) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\verify-u_2@cybits.de
[2012.02.01 15:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.17 18:18:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\tim\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tim\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tim\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DFEPApplication] c:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.19 62.109.123.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}: DhcpNameServer = 213.191.74.19 62.109.123.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8DBC941-330C-4470-8F09-24C7E44A34EB}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81926905-4c0c-11e1-97ed-74de2b9c8e2e}\Shell - "" = AutoRun
O33 - MountPoints2\{81926905-4c0c-11e1-97ed-74de2b9c8e2e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{81926912-4c0c-11e1-97ed-74de2b9c8e2e}\Shell - "" = AutoRun
O33 - MountPoints2\{81926912-4c0c-11e1-97ed-74de2b9c8e2e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c04531e0-4d78-11e1-ac4b-100ba9101ce0}\Shell - "" = AutoRun
O33 - MountPoints2\{c04531e0-4d78-11e1-ac4b-100ba9101ce0}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{c691bbe7-4c5b-11e1-97d4-74de2b9c8e2e}\Shell - "" = AutoRun
O33 - MountPoints2\{c691bbe7-4c5b-11e1-97d4-74de2b9c8e2e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {713D3715-4B10-B951-7BCB-A1F8A741D1B5} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 18:57:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe
[2012.03.24 18:41:42 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{2FB28022-CE87-4063-951A-149C08A6338D}
[2012.03.24 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{9133C499-B5F9-4905-83AF-48B000237585}
[2012.03.24 15:22:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.24 01:15:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\tim\Desktop\dds.com
[2012.03.24 00:52:15 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{FEFAFC49-B184-41C0-A871-5C71A3F12A93}
[2012.03.24 00:51:09 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{08821E59-7892-4EAA-A1F7-5119AC2F7BA8}
[2012.03.23 22:20:51 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Avira
[2012.03.23 22:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.23 22:15:36 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.23 22:15:36 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.23 22:15:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.23 22:15:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.23 22:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.23 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.23 21:49:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.23 12:45:35 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\MySEOSolution_DB_Dir
[2012.03.23 12:45:31 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\MySEOSolution
[2012.03.23 12:45:01 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard
[2012.03.23 12:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Article Wizard
[2012.03.23 10:42:21 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{271870CF-448E-45AE-ADAF-24E6C25DD9D3}
[2012.03.23 10:41:13 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{80C75872-6458-4FDD-85F2-872AC216C186}
[2012.03.22 22:16:46 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0F31B976-6470-4CDA-AB61-6EEAFD8B5DA2}
[2012.03.22 22:16:35 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{AE10FD9E-B7AA-4DD9-9429-F0D8AF7ECF01}
[2012.03.22 10:16:12 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{ACA94B5F-F5EE-4D38-BD0C-23E2B76B00BF}
[2012.03.22 10:16:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0FF106DB-FDCF-4A36-85A5-E143421CA464}
[2012.03.21 22:15:38 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{87BF61A4-1BEF-434D-B77B-1AFDC1423516}
[2012.03.21 10:15:17 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{DB66502F-A12D-471F-89D0-2CDD4B5CDC8F}
[2012.03.21 10:14:40 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{086299ED-B6C4-4D03-8944-3FDAB5EE1CFE}
[2012.03.20 21:45:40 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{89784105-383F-479A-8D2D-FCFC253DD7BE}
[2012.03.20 09:45:09 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{2A120F72-14C2-4E6C-8AE3-6A9FBE90F23F}
[2012.03.20 09:44:01 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{63E822B4-FFDD-4204-A230-3C391B080AC1}
[2012.03.19 21:22:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E1C86CA5-75F1-47E1-ABFD-7CD215FA519C}
[2012.03.19 21:22:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{3A38CCD4-BE0D-4E5E-BFAE-EE02FCF2266D}
[2012.03.19 09:22:21 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{DB96986A-90C8-4415-A142-F59E0EF194C8}
[2012.03.19 09:20:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E6F2045E-0915-4F6B-9DE2-C67E840F9C06}
[2012.03.18 14:08:29 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{45580A3C-5A36-43D0-93C4-DB1097E6E8E7}
[2012.03.18 14:08:19 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{3753E0A4-F2F2-4A06-9CA1-17F2A8D8E88A}
[2012.03.17 10:56:34 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{B9E53D4C-C04B-4D26-B76E-72CF91D01485}
[2012.03.17 10:54:59 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{5DBA6D5D-1FCF-4FE3-B0D3-B5F2611F8E18}
[2012.03.16 19:07:13 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\ElevatedDiagnostics
[2012.03.16 13:15:44 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{BF4CBE36-31C9-44D7-B875-37C8D3479205}
[2012.03.16 13:15:34 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{80CAC4A6-B04D-4BA3-9167-C18E9FF4B919}
[2012.03.16 00:37:39 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{9A36813A-FD9C-41C1-A104-89DDD11564ED}
[2012.03.16 00:37:29 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{46C0BD45-A012-4F59-AE7E-DFB423D78EB5}
[2012.03.15 11:36:24 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{1AFC7E61-B75C-46FB-8DC2-4E14509ECA6A}
[2012.03.15 11:34:48 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{C5D4F8A9-F1F1-4E79-ADF0-B6C843A50CEC}
[2012.03.14 13:32:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.03.14 13:13:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\32bit
[2012.03.14 12:29:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{AA9E8203-F10E-451D-BFCF-3F9C0CB1F49F}
[2012.03.14 12:28:51 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{ED9E28F4-55E8-46FF-8187-2CD7435F3D70}
[2012.03.13 10:17:42 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{F517FB15-9A96-4D9B-BBA3-FD678B57EBC8}
[2012.03.12 15:57:06 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{5335B526-C3CC-43C1-9E0A-2A74C1FD64FF}
[2012.03.12 15:56:55 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E4AA9C88-0C5D-4230-844C-4059EFCEFA59}
[2012.03.10 13:30:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012.03.10 12:26:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{8E246D73-9CCC-4F26-A45D-B6ABDDC192E4}
[2012.03.10 12:26:34 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E5CE3353-BC33-4878-9BA1-1283B5299E50}
[2012.03.09 23:03:13 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{7598CAA2-2F46-4C3F-A828-BBC2B8E22200}
[2012.03.09 23:03:01 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{ED4828B2-024A-4FD5-A9FB-24A60B37A25C}
[2012.03.09 13:51:22 | 000,000,000 | -H-D | C] -- C:\Black
[2012.03.09 11:02:28 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E6B01C48-1723-46CA-9731-17D5B678E83F}
[2012.03.08 23:01:50 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{1D32F748-3217-4EE9-A668-CCA6F81F58F3}
[2012.03.08 11:01:10 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6DC01205-E85F-47EE-B5B1-2A94690358D6}
[2012.03.08 11:00:57 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6E042693-057C-40D0-AE0F-006D227B44B4}
[2012.03.07 22:10:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E5D1EFA8-E8A1-4AF5-AB4F-791C7C996881}
[2012.03.07 10:09:28 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{EC6A002E-6DAF-4249-976B-11215EB7624B}
[2012.03.07 10:09:16 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{86F45F20-359B-48DA-9FD3-BED0A3C8F45F}
[2012.03.06 21:58:21 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6CF797DF-06AC-48D2-B457-FDFEB0DD7D2F}
[2012.03.06 21:58:10 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{13B5A5C2-01C7-4623-B653-F8F7032CCB02}
[2012.03.06 09:57:33 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{C1246D82-F5C7-4705-8800-42B2299BE262}
[2012.03.06 09:57:22 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{A699392E-0403-4548-AACC-3713158919D1}
[2012.03.05 23:34:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{97DF9F08-92EB-4BFC-9BB9-816E38B90E0C}
[2012.03.05 20:57:25 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\DataDesign
[2012.03.05 11:34:18 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0F922214-881D-459E-AF9A-29BCFD4FBB04}
[2012.03.05 11:34:07 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{81522F1E-AF6B-4FB3-A48E-D9DA98BB7BFE}
[2012.03.02 16:59:52 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.02 10:26:58 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{10248E99-FCD5-4DBC-BD8D-A2C88B8BB222}
[2012.03.02 10:26:46 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{A6DAB23E-0950-4836-BDD4-FAB2BF3D65B2}
[2012.03.01 22:26:13 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{2F467FBD-3EBE-4282-8C5D-8B88C2267795}
[2012.03.01 22:26:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6308FC79-414A-4532-920F-81F430981621}
[2012.03.01 10:44:04 | 000,131,072 | ---- | C] (Dell, Inc.) -- C:\Windows\System32\DellSPMsg.dll
[2012.03.01 10:25:32 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{F94A49AB-B7FC-47C4-A20C-A0D6EFBCB36C}
[2012.02.29 12:08:29 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{748CC442-51FD-4FA0-A241-0A0E6CBA10FE}
[2012.02.29 12:08:19 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0EDA4505-C612-477C-A70E-EAF717A42136}
[2012.02.29 00:07:48 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{03501109-3989-49CC-9303-490010641B9E}
[2012.02.29 00:07:32 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{58A09299-50FF-41AF-A282-BFA6423AE1DB}
[2012.02.28 12:04:52 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{35A9597E-5562-41E2-888A-DCAB973F061C}
[2012.02.28 12:04:41 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{80BBCC43-1885-4392-8F2E-A15402859A2F}
[2012.02.28 00:04:08 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{9C52CD55-1CBE-462D-BDC2-8DCC9C1A81F0}
[2012.02.28 00:03:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{D44D7871-94C5-4B7F-961A-67C8E6055433}
[2012.02.27 12:03:18 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{7694AC0F-5DC5-4BA7-AAE3-7477FA04321B}
[2012.02.26 14:14:57 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{7E602F4A-F8C8-4E38-801E-87669497DBAC}
[2012.02.26 14:14:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{D21EA966-0F3F-4FAE-AFED-C5DCE9FF22D7}
[2012.02.25 13:11:30 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{8CFA108B-66CA-4C3A-B836-000D7F938271}
[2012.02.25 13:11:19 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{BE3D9C9D-92A6-440E-BC7A-A4CD7D2C564B}
[2012.02.25 01:10:49 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{DE350CA9-4EE7-4EDF-A009-9AC17CF6067F}
[2012.02.24 13:10:20 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{A7874EA8-F078-4BC8-B59D-A32F381BAC3C}
[2012.02.24 13:10:09 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{C25BF937-C6DE-4CE8-B42A-548A298C212B}
[2012.02.24 01:09:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{8F27F645-3CED-4F33-B44E-4BAAD0635222}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\tim\Desktop\*.tmp files -> C:\Users\tim\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 18:58:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe
[2012.03.24 18:47:16 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 18:47:16 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 18:44:29 | 000,711,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.24 18:44:29 | 000,666,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.24 18:44:29 | 000,152,664 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.24 18:44:29 | 000,125,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.24 18:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 18:39:56 | 2347,417,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 15:17:11 | 000,004,574 | ---- | M] () -- C:\Users\tim\Desktop\Logfiles.zip
[2012.03.24 15:04:00 | 000,001,112 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002UA.job
[2012.03.24 01:34:34 | 000,302,592 | ---- | M] () -- C:\Users\tim\Desktop\c4g1rcis.exe
[2012.03.24 01:20:08 | 000,302,592 | ---- | M] () -- C:\Users\tim\Desktop\dsqkremy.exe
[2012.03.24 01:15:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\tim\Desktop\dds.com
[2012.03.24 01:14:20 | 000,000,000 | ---- | M] () -- C:\Users\tim\defogger_reenable
[2012.03.24 01:13:21 | 000,050,477 | ---- | M] () -- C:\Users\tim\Desktop\Defogger.exe
[2012.03.23 22:17:46 | 001,941,713 | ---- | M] () -- C:\Users\tim\Desktop\bookmarks.html
[2012.03.23 22:15:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.23 22:03:14 | 087,227,952 | ---- | M] () -- C:\Users\tim\Desktop\avira_free_antivirus_de.exe
[2012.03.23 21:49:55 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~aRVSajHSHnPUwD
[2012.03.23 21:49:55 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~aRVSajHSHnPUwDr
[2012.03.23 21:49:51 | 000,000,336 | -H-- | M] () -- C:\ProgramData\aRVSajHSHnPUwD
[2012.03.23 17:04:00 | 000,001,060 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002Core.job
[2012.03.23 12:45:02 | 000,002,975 | -H-- | M] () -- C:\Users\tim\Desktop\Article Wizard.lnk
[2012.03.23 10:51:44 | 000,001,456 | -H-- | M] () -- C:\Users\tim\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.03.22 21:04:35 | 000,002,392 | -H-- | M] () -- C:\Users\tim\Desktop\Google Chrome.lnk
[2012.03.21 12:02:30 | 017,533,723 | -H-- | M] () -- C:\Users\tim\Desktop\kayschlaf.wmv
[2012.03.14 18:03:57 | 000,038,468 | -H-- | M] () -- C:\Users\tim\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.03.14 13:21:57 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012.03.14 12:40:10 | 003,851,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 00:08:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.03.08 12:11:16 | 000,648,902 | -H-- | M] () -- C:\Users\tim\Desktop\ExCam handout.pdf
[2012.03.05 13:45:36 | 000,005,032 | -H-- | M] () -- C:\Users\tim\Desktop\GOLDPUNKT OMA - Verknüpfung.lnk
[2012.03.01 22:56:19 | 000,219,683 | -H-- | M] () -- C:\Users\tim\Desktop\sample-advanced.csv
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\tim\Desktop\*.tmp files -> C:\Users\tim\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 15:17:11 | 000,004,574 | ---- | C] () -- C:\Users\tim\Desktop\Logfiles.zip
[2012.03.24 01:34:32 | 000,302,592 | ---- | C] () -- C:\Users\tim\Desktop\c4g1rcis.exe
[2012.03.24 01:20:06 | 000,302,592 | ---- | C] () -- C:\Users\tim\Desktop\dsqkremy.exe
[2012.03.24 01:14:20 | 000,000,000 | ---- | C] () -- C:\Users\tim\defogger_reenable
[2012.03.24 01:13:20 | 000,050,477 | ---- | C] () -- C:\Users\tim\Desktop\Defogger.exe
[2012.03.23 22:17:45 | 001,941,713 | ---- | C] () -- C:\Users\tim\Desktop\bookmarks.html
[2012.03.23 22:15:38 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.23 22:02:24 | 087,227,952 | ---- | C] () -- C:\Users\tim\Desktop\avira_free_antivirus_de.exe
[2012.03.23 21:49:55 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~aRVSajHSHnPUwD
[2012.03.23 21:49:55 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~aRVSajHSHnPUwDr
[2012.03.23 21:49:51 | 000,000,336 | -H-- | C] () -- C:\ProgramData\aRVSajHSHnPUwD
[2012.03.23 12:45:02 | 000,002,975 | -H-- | C] () -- C:\Users\tim\Desktop\Article Wizard.lnk
[2012.03.21 12:01:48 | 017,533,723 | -H-- | C] () -- C:\Users\tim\Desktop\kayschlaf.wmv
[2012.03.14 17:43:51 | 000,038,468 | -H-- | C] () -- C:\Users\tim\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.03.10 00:08:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.03.08 12:11:14 | 000,648,902 | -H-- | C] () -- C:\Users\tim\Desktop\ExCam handout.pdf
[2012.03.05 13:45:36 | 000,005,032 | -H-- | C] () -- C:\Users\tim\Desktop\GOLDPUNKT OMA - Verknüpfung.lnk
[2012.03.02 16:59:54 | 000,002,392 | -H-- | C] () -- C:\Users\tim\Desktop\Google Chrome.lnk
[2012.03.02 16:59:23 | 000,001,112 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002UA.job
[2012.03.02 16:59:23 | 000,001,060 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002Core.job
[2012.03.01 21:35:46 | 000,219,683 | -H-- | C] () -- C:\Users\tim\Desktop\sample-advanced.csv
[2012.02.09 11:39:13 | 000,001,456 | -H-- | C] () -- C:\Users\tim\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.05 21:05:50 | 000,000,132 | -H-- | C] () -- C:\Users\tim\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.26 17:33:03 | 000,021,916 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012.01.25 19:00:51 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.25 19:00:51 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.25 18:59:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2012.01.25 18:59:39 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.01.05 02:48:56 | 000,982,016 | ---- | C] () -- C:\Windows\System32\taboem.dll
[2012.01.05 02:48:26 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.01.05 02:48:26 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.01.05 02:48:26 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.01.05 02:48:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.05 02:48:25 | 013,906,944 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.05 02:48:25 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2012.01.05 02:48:25 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.01.05 02:48:25 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.05 01:15:04 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2012.01.05 01:15:02 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2012.01.05 01:15:02 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2012.01.05 01:13:13 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.01.05 01:13:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\instsrv.exe
[2012.01.05 01:13:03 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.06.05 06:20:52 | 001,613,548 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2011.05.13 00:33:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2011.05.13 00:33:48 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2011.05.13 00:33:46 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2011.05.13 00:33:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2011.05.13 00:33:44 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2011.05.13 00:33:40 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2011.05.13 00:33:38 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2011.05.13 00:33:38 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2011.05.13 00:33:36 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2011.05.13 00:33:34 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2011.05.13 00:33:34 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2011.05.13 00:33:32 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2011.05.13 00:33:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2011.05.13 00:33:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2011.05.13 00:33:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2011.05.13 00:33:26 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2011.05.13 00:33:24 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2011.05.13 00:33:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2011.05.13 00:33:22 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2011.05.13 00:33:20 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2011.05.13 00:33:20 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2011.05.13 00:33:18 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2011.05.13 00:33:16 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2011.05.13 00:33:14 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2011.05.13 00:33:14 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2011.05.13 00:33:12 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2011.05.13 00:33:10 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2011.05.13 00:33:08 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2011.05.13 00:33:06 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2011.03.21 23:13:58 | 000,012,288 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010.11.21 01:46:14 | 000,711,412 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:46:14 | 000,152,664 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.20 00:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
 
========== LOP Check ==========
 
[2012.02.06 22:26:59 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\ACD Systems
[2012.03.05 20:57:25 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\DataDesign
[2012.03.19 13:24:08 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\FileZilla
[2012.01.27 11:54:03 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\FireShot
[2012.01.26 12:22:23 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\gnupg
[2012.01.25 18:55:34 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\Lexware
[2012.03.23 19:06:24 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\MySEOSolution_DB_Dir
[2012.01.25 18:22:57 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org
[2012.03.15 11:34:29 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.17 17:58:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.05 01:08:40 | 000,000,000 | -H-D | M] -- C:\Apps
[2012.03.09 13:51:22 | 000,000,000 | -H-D | M] -- C:\Black
[2012.03.24 18:39:56 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.03.01 10:43:59 | 000,000,000 | -H-D | M] -- C:\dell
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.10 13:25:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.05 02:48:45 | 000,000,000 | -H-D | M] -- C:\Drivers
[2012.01.10 14:10:24 | 000,000,000 | -H-D | M] -- C:\Intel
[2012.02.05 15:05:48 | 000,000,000 | -H-D | M] -- C:\Logs
[2012.01.26 17:42:45 | 000,000,000 | -H-D | M] -- C:\Macromedia
[2012.01.10 21:22:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.23 22:15:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.23 22:15:36 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.10 13:25:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.24 19:02:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.10 13:25:43 | 000,000,000 | ---D | M] -- C:\Users
[2012.03.23 22:00:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 03:39:18 | 000,354,840 | -H-- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Drivers\storage\R291720\iaStor.sys
[2010.11.06 03:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2010.11.06 03:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys
[2010.11.06 03:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_b507f73c7f31069a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.11.08 13:15:28 | 000,003,312 | -H-- | M] () -- C:\Users\tim\.ganttproject
[2011.11.08 13:15:28 | 000,037,483 | -H-- | M] () -- C:\Users\tim\.ganttproject.log
[2012.03.24 01:14:20 | 000,000,000 | ---- | M] () -- C:\Users\tim\defogger_reenable
[2011.11.24 16:36:08 | 000,000,078 | -H-- | M] () -- C:\Users\tim\fwactivation.log
[2012.03.24 19:00:49 | 005,767,168 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT
[2012.03.24 19:00:49 | 000,262,144 | -HS- | M] () -- C:\Users\tim\ntuser.dat.LOG1
[2012.01.10 13:25:48 | 000,000,000 | -HS- | M] () -- C:\Users\tim\ntuser.dat.LOG2
[2012.01.10 13:47:05 | 000,065,536 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.01.10 13:47:05 | 000,524,288 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.01.10 13:47:05 | 000,524,288 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.01.10 13:25:48 | 000,000,020 | -HS- | M] () -- C:\Users\tim\ntuser.ini
[2011.11.08 13:01:16 | 000,001,924 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project-chart.html
[2011.11.08 13:01:16 | 000,001,714 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project-resources.html
[2011.11.08 13:01:16 | 000,003,524 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project-tasks.html
[2011.11.08 13:01:16 | 000,001,921 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project.html
[2011.11.08 13:01:16 | 000,009,633 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project.png
[2011.11.08 13:01:16 | 000,003,055 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project.res.png
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
__________________

Alt 24.03.2012, 19:17   #4
timgeorc
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



Extras

Code:
ATTFilter
OTL Extras logfile created on: 24.03.2012 19:00:54 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\tim\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,82% Memory free
5,83 Gb Paging File | 4,37 Gb Available in Paging File | 75,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,28 Gb Total Space | 130,02 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
 
Computer Name: GOLDKISTE | User Name: tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11FCA050-2066-4351-A336-748D838C049C}" = Adobe Creative Suite 5 Web Premium
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43034BED-DF67-4CC8-8D13-D18B0298F402}" = Lexware büro easy 2011
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CD55E5-2938-46FA-88E6-AE8EADDC7937}" = Wave Infrastructure Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7FA89EC8-023D-4AEA-94E2-32820FBBDC44}" = Dell ControlVault Host Components Installer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1999042-FC82-4098-96B8-510A857C8EA8}" = Google AdWords Editor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"7-Zip" = 7-Zip 9.20
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 6 (Vollversion)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.5.2.0
"Screaming Frog SEO Spider" = Screaming Frog SEO Spider
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2012 15:54:20 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 20:54:20.612]: [00002488]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.0.100]  
 
Error - 20.03.2012 16:07:45 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:07:45.447]: [00002488]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.0.100]  
 
Error - 20.03.2012 16:12:07 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:12:07.543]: [00002488]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.0.100]  
 
Error - 20.03.2012 16:17:22 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:17:22.993]: [00002488]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.0.100]  
 
Error - 20.03.2012 16:19:24 | Computer Name = goldkiste | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\outlook
 backup assistant\AddIn\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\outlook backup assistant\AddIn\adxloader.dll.Manifest" in Zeile
 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 20.03.2012 16:19:24 | Computer Name = goldkiste | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 20.03.2012 16:19:25 | Computer Name = goldkiste | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\O2Micro\Oz600\DPInst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.03.2012 16:19:53 | Computer Name = goldkiste | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Adobe\adobe
 media encoder cs5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" in Zeile 2.
Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 20.03.2012 16:44:19 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:44:19.668]: [00002488]: SendSKeySettingToDevice::
 Snmp Load Error[-1] To[192.168.0.100]  
 
Error - 20.03.2012 16:45:29 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:45:29.508]: [00002488]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.0.100]  
 
[ System Events ]
Error - 21.03.2012 08:10:38 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description = 
 
Error - 21.03.2012 08:46:38 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description = 
 
Error - 21.03.2012 08:58:38 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description = 
 
Error - 21.03.2012 09:47:36 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description = 
 
Error - 22.03.2012 05:13:42 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 22.03.2012 12:03:42 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 22.03.2012 14:13:34 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 22.03.2012 16:57:44 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 23.03.2012 04:42:30 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 23.03.2012 05:40:50 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
 
< End of report >
         

Alt 25.03.2012, 19:08   #5
markusg
/// Malware-holic
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.03.2012, 19:56   #6
timgeorc
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



Hi!

Wow - Verknüpfungen, Programme und Dateien sind wieder da!

Hier die Logdatei

Code:
ATTFilter
ComboFix 12-03-22.01 - tim 25.03.2012  20:45:45.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2985.1620 [GMT 2:00]
ausgeführt von:: c:\users\tim\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~aRVSajHSHnPUwD
c:\programdata\~aRVSajHSHnPUwDr
c:\programdata\aRVSajHSHnPUwD
c:\users\tim\AppData\Local\assembly\tmp
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\system32\instsrv.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-25 bis 2012-03-25  ))))))))))))))))))))))))))))))
.
.
2012-03-23 21:20 . 2012-03-23 21:20	--------	d-----w-	c:\users\tim\AppData\Roaming\Avira
2012-03-23 21:15 . 2012-03-23 21:15	--------	d-----w-	c:\programdata\Avira
2012-03-23 21:15 . 2012-03-23 21:15	--------	d-----w-	c:\program files\Avira
2012-03-23 21:15 . 2012-01-31 07:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-23 21:15 . 2012-01-31 07:56	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-23 21:15 . 2011-09-16 15:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-23 11:45 . 2012-03-23 18:06	--------	d--h--w-	c:\users\tim\AppData\Roaming\MySEOSolution_DB_Dir
2012-03-23 11:45 . 2012-03-23 11:45	--------	d--h--w-	c:\users\tim\AppData\Local\MySEOSolution
2012-03-23 11:45 . 2012-03-23 11:45	--------	d-----w-	c:\program files\Article Wizard
2012-03-23 08:46 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED53BB12-40C8-43C0-9AF5-412FEB0CE39D}\mpengine.dll
2012-03-17 17:18 . 2012-03-17 17:18	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 17:18 . 2012-03-17 17:18	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 18:07 . 2012-03-16 18:07	--------	d-----w-	c:\users\tim\AppData\Local\ElevatedDiagnostics
2012-03-14 12:13 . 2010-05-12 02:11	--------	d-----w-	c:\windows\system32\32bit
2012-03-14 11:36 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 11:36 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 11:32 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 11:32 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 11:31 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 11:31 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:31 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:31 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:31 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 11:31 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-10 00:16 . 2012-03-10 00:16	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-03-09 12:51 . 2012-03-09 12:51	--------	d-----w-	C:\Black
2012-03-05 19:57 . 2012-03-05 19:57	--------	d--h--w-	c:\users\tim\AppData\Roaming\DataDesign
2012-03-01 09:44 . 2009-09-02 05:13	131072	----a-w-	c:\windows\system32\DellSPMsg.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2012-01-10 12:44	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 09:45 . 2012-01-05 00:01	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 10:16 . 2010-06-24 17:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-10 12:28 . 2012-01-10 12:28	0	----a-w-	c:\windows\invcol.tmp
2012-01-05 01:53 . 2012-01-05 01:53	86528	----a-w-	c:\windows\system32\SearchFilterHost.exe
2012-01-05 01:53 . 2012-01-05 01:53	666624	----a-w-	c:\windows\system32\mssvp.dll
2012-01-05 01:53 . 2012-01-05 01:53	59392	----a-w-	c:\windows\system32\msscntrs.dll
2012-01-05 01:53 . 2012-01-05 01:53	427520	----a-w-	c:\windows\system32\SearchIndexer.exe
2012-01-05 01:53 . 2012-01-05 01:53	337408	----a-w-	c:\windows\system32\mssph.dll
2012-01-05 01:53 . 2012-01-05 01:53	31232	----a-w-	c:\windows\system32\prevhost.exe
2012-01-05 01:53 . 2012-01-05 01:53	197120	----a-w-	c:\windows\system32\mssphtb.dll
2012-01-05 01:53 . 2012-01-05 01:53	164352	----a-w-	c:\windows\system32\SearchProtocolHost.exe
2012-01-05 01:53 . 2012-01-05 01:53	1549312	----a-w-	c:\windows\system32\tquery.dll
2012-01-05 01:53 . 2012-01-05 01:53	1401344	----a-w-	c:\windows\system32\mssrch.dll
2012-01-05 01:53 . 2012-01-26 17:56	2616320	----a-w-	c:\windows\explorer - Kopie.exe
2012-01-05 01:53 . 2012-01-05 01:53	75776	----a-w-	c:\windows\system32\psisrndr.ax
2012-01-05 01:53 . 2012-01-05 01:53	741376	----a-w-	c:\windows\system32\inetcomm.dll
2012-01-05 01:53 . 2012-01-05 01:53	70656	----a-w-	c:\windows\system32\fontsub.dll
2012-01-05 01:53 . 2012-01-05 01:53	60416	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2012-01-05 01:53 . 2012-01-05 01:53	465408	----a-w-	c:\windows\system32\psisdecd.dll
2012-01-05 01:53 . 2012-01-05 01:53	393728	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-01-05 01:53 . 2012-01-05 01:53	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-01-05 01:53 . 2012-01-05 01:53	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2012-01-05 01:53 . 2012-01-05 01:53	294912	----a-w-	c:\windows\system32\atmfd.dll
2012-01-05 01:53 . 2012-01-05 01:53	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2012-01-05 01:53 . 2012-01-05 01:53	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2012-01-05 01:53 . 2012-01-05 01:53	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2012-01-05 01:53 . 2012-01-05 01:53	2616320	----a-w-	c:\windows\explorer.exe
2012-01-05 01:53 . 2012-01-05 01:53	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2012-01-05 01:53 . 2012-01-05 01:53	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2012-01-05 01:53 . 2012-01-05 01:53	1137664	----a-w-	c:\windows\system32\mfc42.dll
2012-01-05 01:53 . 2012-01-05 01:53	86016	----a-w-	c:\windows\system32\odbccu32.dll
2012-01-05 01:53 . 2012-01-05 01:53	850944	----a-w-	c:\windows\system32\sbe.dll
2012-01-05 01:53 . 2012-01-05 01:53	81920	----a-w-	c:\windows\system32\odbccr32.dll
2012-01-05 01:53 . 2012-01-05 01:53	805376	----a-w-	c:\windows\system32\FntCache.dll
2012-01-05 01:53 . 2012-01-05 01:53	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2012-01-05 01:53 . 2012-01-05 01:53	74240	----a-w-	c:\windows\system32\fsutil.exe
2012-01-05 01:53 . 2012-01-05 01:53	739840	----a-w-	c:\windows\system32\d2d1.dll
2012-01-05 01:53 . 2012-01-05 01:53	642048	----a-w-	c:\windows\system32\CPFilters.dll
2012-01-05 01:53 . 2012-01-05 01:53	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	571904	----a-w-	c:\windows\system32\oleaut32.dll
2012-01-05 01:53 . 2012-01-05 01:53	542208	----a-w-	c:\windows\system32\kerberos.dll
2012-01-05 01:53 . 2012-01-05 01:53	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2012-01-05 01:53 . 2012-01-05 01:53	319488	----a-w-	c:\windows\system32\odbcjt32.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53	290816	----a-w-	c:\windows\system32\KernelBase.dll
2012-01-05 01:53 . 2012-01-05 01:53	271360	----a-w-	c:\windows\system32\conhost.exe
2012-01-05 01:53 . 2012-01-05 01:53	233472	----a-w-	c:\windows\system32\oleacc.dll
2012-01-05 01:53 . 2012-01-05 01:53	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2012-01-05 01:53 . 2012-01-05 01:53	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2012-01-05 01:53 . 2012-01-05 01:53	191488	----a-w-	c:\windows\system32\FXSCOVER.exe
2012-01-05 01:53 . 2012-01-05 01:53	169984	----a-w-	c:\windows\system32\winsrv.dll
2012-01-05 01:53 . 2012-01-05 01:53	1699328	----a-w-	c:\windows\system32\esent.dll
2012-01-05 01:53 . 2012-01-05 01:53	163840	----a-w-	c:\windows\system32\odbctrac.dll
2012-01-05 01:53 . 2012-01-05 01:53	148864	----a-w-	c:\windows\system32\drivers\storport.sys
2012-01-05 01:53 . 2012-01-05 01:53	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2012-01-05 01:53 . 2012-01-05 01:53	122880	----a-w-	c:\windows\system32\odbccp32.dll
2012-01-05 01:53 . 2012-01-05 01:53	1211264	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-01-05 01:53 . 2012-01-05 01:53	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2012-01-05 01:53 . 2012-01-05 01:53	96768	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2012-01-05 01:53 . 2012-01-05 01:53	76288	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-01-05 01:53 . 2012-01-05 01:53	712576	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-01-05 01:53 . 2012-01-05 01:53	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-01-05 01:53 . 2012-01-05 01:53	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-01-05 01:53 . 2012-01-05 01:53	311808	----a-w-	c:\windows\system32\drivers\srv.sys
2012-01-05 01:53 . 2012-01-05 01:53	310272	----a-w-	c:\windows\system32\drivers\srv2.sys
2012-01-05 01:53 . 2012-01-05 01:53	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2012-01-05 01:53 . 2012-01-05 01:53	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-01-05 01:53 . 2012-01-05 01:53	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-01-05 01:53 . 2012-01-05 01:53	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-01-05 01:53 . 2012-01-05 01:53	223744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2012-01-05 01:53 . 2012-01-05 01:53	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2012-01-05 01:53 . 2012-01-05 01:53	202240	----a-w-	c:\windows\system32\input.dll
2012-01-05 01:53 . 2012-01-05 01:53	196608	----a-w-	c:\windows\system32\mfreadwrite.dll
2012-03-17 17:18 . 2012-01-10 20:34	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 23:38	120184	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 23:38	120184	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 6306712]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 214384]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-03 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 288872]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"ACPW05EN"="c:\program files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-25 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 17:11	1971536	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2003-04-19 8192]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-10 139368]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 20328]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 17904]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-11 826272]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-11 31648]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 1568664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 112800]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-08 2656536]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1131520]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 44144]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-01-05 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-01-05 33832]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 33896]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2011-07-20 268968]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [2011-01-04 62440]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [2011-03-23 63976]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002Core.job
- c:\users\tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 15:59]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002UA.job
- c:\users\tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 15:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.191.92.87 62.109.123.6
TCP: Interfaces\{F8DBC941-330C-4470-8F09-24C7E44A34EB}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=fw
FF - prefs.js: network.proxy.ftp - 108.62.148.233
FF - prefs.js: network.proxy.ftp_port - 19755
FF - prefs.js: network.proxy.http - 108.62.148.233
FF - prefs.js: network.proxy.http_port - 19755
FF - prefs.js: network.proxy.socks - 108.62.148.233
FF - prefs.js: network.proxy.socks_port - 19755
FF - prefs.js: network.proxy.ssl - 108.62.148.233
FF - prefs.js: network.proxy.ssl_port - 19755
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\wvauth.DLL
c:\windows\System32\TdmNetworkProvider.dll
.
Zeit der Fertigstellung: 2012-03-25  20:51:46
ComboFix-quarantined-files.txt  2012-03-25 18:51
.
Vor Suchlauf: 5 Verzeichnis(se), 138.756.972.544 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 142.356.094.976 Bytes frei
.
- - End Of File - - 7E6D394EF884F94E77A96320BE72C75D
         
Wie weiter vorgehen?

Nachtrag: Dateien sind anscheinend alle wieder da.

Auch Programme kann ich öffnen, wenn ich die .exe direkt über c/programme/ aufrufe, allerdings sind die Verknüpfungen aus Windows Taskleiste/Schnellstart etc. noch leer.

Alt 26.03.2012, 10:22   #7
markusg
/// Malware-holic
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



welche verknüpfungen meinst du, zuletzt verwendet oder alle programme?

malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.03.2012, 11:14   #8
timgeorc
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



Ich rede vom Startmenü. Unter "Alle Programme" werden mir die Ordner der meisten Programme angezeigt (einige Programmordner fehlen aber, z.b. Firefox). Bei den Programmen, die angezeigt werden (beispielsweise MS Office) erscheint dort nur (leer). Direkt kann ich wie gesagt alle Programme über den entsprechenden Pfad aufrufen (C:\Program Files\Microsoft Office\Office14\Outlook.exe).

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.26.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
tim :: GOLDKISTE [Administrator]

26.03.2012 11:28:58
mbam-log-2012-03-26 (11-28-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 436206
Laufzeit: 32 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 26.03.2012, 15:34   #9
markusg
/// Malware-holic
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.03.2012, 12:29   #10
timgeorc
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



unhide hat einige der Verknüpfungen wiederhergestellt - einige musste ich per Hand geradeziehen.

An dieser Stelle VIELEN VIELEN DANK für die großartige + schnelle Hilfe. Ohne deine Hilfe hätte ich das niemals geschafft...

Den Spendenbutton habe ich schon gesehen und werde ihn auch beherzigen.

Damit sowas nicht nochmal passiert: Gibt es eine Empfehlung für einen guten Virenscanner?

Danke nochmals + viele Grüße: Tim

Alt 27.03.2012, 17:46   #11
markusg
/// Malware-holic
 
TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Standard

TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar



der spenden buton is immer in meiner signatur :-)
anleitung zur absicherung gibts noch.

lade den CCleaner standard:
CCleaner Download - CCleaner 3.17.1689
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar
adobe, antivir, browser, defender, desktop, desktop leer, document, exp/cve-2010-0840, explorer, firefox, helper, hängen, java/inject.u, neustart, notification, nvidia update, nvpciflt.sys, pdf, plug-in, scan, security, server, svchost.exe, tr/crypt.pepm.gen, tr/crypt.xpack.ge, tr/crypt.xpack.gen, updates, viele popups, windows



Ähnliche Themen: TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar


  1. WIN7: Dateien + Programme unsichtbar. Speicherplatz unverändert
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (27)
  2. TR/Crypt.XPACK.Gen3 alle dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (7)
  3. TR/Dropper.Gen und TR/Crypt.XPack.Gen ( Dateien verschwunden )
    Log-Analyse und Auswertung - 09.12.2013 (35)
  4. TR/Crypt.XPACK.Gen in C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\Savrt\0000NAV~.TMP
    Log-Analyse und Auswertung - 25.04.2013 (7)
  5. alle Programme und dateien unsichtbar
    Log-Analyse und Auswertung - 28.02.2013 (7)
  6. Dateien verschlüsselt nach Trojanerinfizierung (TR/Crypt.XPACK.Gen8, TR/Matsnu.EB.98)
    Plagegeister aller Art und deren Bekämpfung - 26.01.2013 (1)
  7. TR/Crypt.XPACK.Gen - Trojaner mit Avira identifiziert/alle Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (1)
  8. Dateien versteckt nach Fund von TR/Crypt.XPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (10)
  9. Smart HDD Virus hat alle Dateien und Programme versteckt
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (1)
  10. TR/crypt.xpack.gen2 unter windows 7, eigene Dateien ausgeblendet
    Log-Analyse und Auswertung - 16.04.2012 (3)
  11. TR/Crypt.XPACK.Gen , Dateien versteckt, Desktop schwarz
    Log-Analyse und Auswertung - 15.04.2012 (25)
  12. Doppeltrojaner weg - aber alle Programme/Dateien unauffindbar
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (18)
  13. Virus TR/Crypt.XPACK.Gen-alle Dateien unsichtbar
    Log-Analyse und Auswertung - 27.03.2012 (11)
  14. dwl3gina.dll Desktop bleibt nach Login schwarz, aber trotzdem Zugriff auf alle Dateien/Programme...
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (5)
  15. Desktop schwarz, alle Dateien und viele Programme weg, falsche Fehlermeldung
    Log-Analyse und Auswertung - 12.10.2011 (9)
  16. Alle Dateien und Programme weg, Desktop schwarz
    Plagegeister aller Art und deren Bekämpfung - 08.09.2011 (19)
  17. Crypt.XPACK.Gen3 in C:\Programme\Plancal\nova6\Nova.exe
    Plagegeister aller Art und deren Bekämpfung - 05.01.2011 (10)

Zum Thema TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar - Hallo Forum! Zunächst einmal ein großes Lob - habe hier schon viele gute Informationen und ich hoffe, dass mir jemand weiterhelfen kann ;-) Plötzlich wurden alle Programme runtergefahren, ein Pseudo-System - TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar...
Archiv
Du betrachtest: TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.