Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 100€ Virus blockiert meinen Rechner (XP)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.03.2012, 05:50   #1
Gorilla
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



guten morgen liebe helfer,

nun hat es also auch mich erwischt. konnte meinen rechner bis eben nicht im normalen modus starten ohne diese BKA vollbild meldung zu bekommen, die den zugriff auf meinen desktop verhinderte.

habe also eben im abgesicherten modus mit netzwerktreibern hier reingeschaut, malwarebytes laufen lassen und die 2 funde gelöscht:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: MICHA-B47E0D6EE [administrator]

29.03.2012 04:43:05
mbam-log-2012-03-29 (04-43-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384433
Time elapsed: 42 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\temp\cgs8h0.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\cgs8h0.exe.lnk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
         
daraufhin wurde ich zum neustart aufgefordert. während diesem startete windows von sich aus einen chkdsk und bootete erneut.

hier bin ich nun also im normalen modus.

es scheint alles wieder gut zu sein, aber ich würde gerne mit eurer hilfe lieber mal alles durchchecken :-)


nachtrag: habe eben den taskmanager starten wollen und bekam die meldung, dass dieser durch den administrator deaktiviert worden sei.
habe die verantwortliche zeile (google sei dank) gelöscht und nu funzt er wieder. hoffe, das war ok!?

Alt 29.03.2012, 09:02   #2
Chris4You
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

chris
__________________

__________________

Alt 29.03.2012, 13:25   #3
Gorilla
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



hallo chris,

OTL.txt
Code:
ATTFilter
OTL logfile created on: 29.03.2012 13:08:45 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Micha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,42% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 58,08 Gb Free Space | 31,17% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 544,66 Gb Free Space | 58,47% Space Free | Partition Type: NTFS
 
Computer Name: MICHA-B47E0D6EE | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Programme\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Programme\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (postgresql-8.4) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GPU-Z) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\GPU-Z.sys File not found
DRV - (gdfg) -- System32\drivers\pqhv.sys File not found
DRV - (ECSIoDriver_1_1_0_0) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\is-FC7LA.tmp\ECSIoDriver.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\catchme.sys File not found
DRV - (AMDPCI) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\AMDPCI.sys File not found
DRV - (ALSysIO) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\ALSysIO.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (HWiNFO32) -- C:\Programme\HWiNFO32\HWiNFO32.SYS (REALiX(tm))
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (RzSynapse) -- C:\WINDOWS\system32\drivers\RzSynapse.sys (Razer USA Ltd)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 02:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.14 17:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.18 14:49:09 | 000,000,000 | ---D | M]
 
[2011.10.06 05:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Extensions
[2011.10.06 05:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Extensions\prism@developer.mozilla.org
[2012.03.24 19:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions
[2012.01.05 12:06:57 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.05.05 16:42:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.12 15:30:42 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\dictlookup@arnhold.com
[2011.10.15 15:49:28 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\firefox@tvunetworks.com
[2010.02.12 16:25:30 | 000,001,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\searchplugins\winamp-search.xml
[2012.03.14 17:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.18 18:13:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.19 11:01:44 | 000,000,000 | ---D | M] (Yummy CONDUIT Player) -- C:\Programme\Mozilla Firefox\extensions\YPlayer@yummy.net
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G58U29S8.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G58U29S8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G58U29S8.DEFAULT\EXTENSIONS\YESPOPUPSV1@PATHETICCOCKROACH.COM.XPI
[2011.12.19 02:47:19 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.03.14 17:41:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.18 16:40:16 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.27 21:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.05.06 12:43:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 12:43:59 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.06 12:43:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 12:43:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 12:43:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 12:43:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.17 02:37:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Programme\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265985632375 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7246A0B-E278-4F57-A0FF-034F8F789B23}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.12 11:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,200,260 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 13:09:29 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.03.29 12:54:28 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
[2012.03.22 13:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.03.22 02:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Diablo III
[2012.03.16 16:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Desktop\2012_03_16
[2012.03.14 13:41:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.03.14 13:41:42 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.03.09 14:48:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2012.03.09 14:02:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Desktop\2012_03_09
[2012.03.08 18:28:54 | 000,021,336 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2012.03.08 17:24:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit
[2012.03.08 17:23:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Advanced SystemCare 5
[2012.03.08 17:23:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\IObit
[2012.03.08 17:23:24 | 000,000,000 | ---D | C] -- C:\Programme\IObit
[2012.03.03 16:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\TerraTec
[2012.03.03 16:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\_noxon_iradio
[2012.03.03 16:05:17 | 000,000,000 | ---D | C] -- C:\Programme\TerraTec
[2012.03.03 16:04:59 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.03.03 16:04:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.03.03 16:04:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 12:54:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
[2012.03.29 05:33:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.29 05:26:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.29 04:06:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.26 19:56:10 | 000,564,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.26 19:56:10 | 000,541,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.26 19:56:10 | 000,119,694 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.26 19:56:10 | 000,102,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.16 18:18:37 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.03.16 18:18:37 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.03.16 18:18:34 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.03.14 17:32:17 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.14 17:06:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.14 13:45:34 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124532.reg
[2012.03.14 13:45:23 | 000,000,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124520.reg
[2012.03.14 13:44:56 | 000,002,590 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124448.reg
[2012.03.14 13:41:44 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.03.13 21:56:10 | 000,006,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled[1].pdf
[2012.03.13 21:56:08 | 000,006,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled.pdf
[2012.03.03 16:05:20 | 000,000,821 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\NOXON player Basic.lnk
[2012.03.02 18:46:08 | 000,038,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\happynazi.jpg
[2012.03.02 02:11:10 | 000,161,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.01 01:58:00 | 018,624,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012.03.01 01:58:00 | 017,534,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012.03.01 01:58:00 | 013,417,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2012.03.01 01:58:00 | 005,918,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2012.03.01 01:58:00 | 004,309,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012.03.01 01:58:00 | 002,784,050 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2012.03.01 01:58:00 | 002,522,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012.03.01 01:58:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012.03.01 01:58:00 | 002,291,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2012.03.01 01:58:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012.03.01 01:58:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012.03.01 01:58:00 | 000,065,536 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012.03.01 01:58:00 | 000,007,843 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2012.02.29 23:15:40 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012.02.29 23:15:40 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012.02.29 23:15:40 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2012.02.29 23:15:40 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012.02.29 23:15:40 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012.02.29 23:15:39 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012.02.29 23:15:39 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012.02.29 23:15:38 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012.02.29 23:15:38 | 000,278,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012.02.29 23:15:38 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012.02.29 23:15:38 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012.02.29 23:15:37 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012.02.29 23:15:37 | 000,262,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012.02.29 23:15:36 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012.02.29 23:15:35 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012.02.29 23:15:35 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012.02.29 23:15:35 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012.02.29 23:15:35 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012.02.29 23:15:35 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2012.02.29 23:15:35 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012.02.29 23:15:34 | 000,286,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012.02.29 23:15:34 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012.02.29 23:15:34 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012.02.29 23:15:34 | 000,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012.02.29 23:15:33 | 000,126,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012.02.29 23:15:11 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012.02.29 23:15:11 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012.02.29 23:15:10 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012.02.29 22:30:31 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2012.02.29 22:30:24 | 015,494,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012.02.29 22:30:24 | 000,143,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2012.02.29 22:30:23 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.29 04:57:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.14 17:05:39 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.03.14 13:45:33 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124532.reg
[2012.03.14 13:45:22 | 000,000,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124520.reg
[2012.03.14 13:44:54 | 000,002,590 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124448.reg
[2012.03.14 13:41:44 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.03.13 21:56:10 | 000,006,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled[1].pdf
[2012.03.13 21:56:08 | 000,006,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled.pdf
[2012.03.03 16:05:20 | 000,000,821 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\NOXON player Basic.lnk
[2012.03.02 18:45:53 | 000,038,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\happynazi.jpg
[2012.02.16 21:42:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.12 02:41:17 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.06 11:13:16 | 000,000,032 | R--- | C] () -- C:\WINDOWS\hash.dat
[2011.09.27 03:25:59 | 743,598,133 | ---- | C] () -- C:\Programme\DATA3.CAB.downloading
[2011.09.27 03:25:59 | 1782,579,200 | ---- | C] () -- C:\Programme\DATA2.CAB.downloading
[2011.09.27 03:25:59 | 1782,579,200 | ---- | C] () -- C:\Programme\DATA1.CAB.downloading
[2011.09.27 03:25:59 | 009,832,696 | ---- | C] () -- C:\Programme\setup.exe.downloading
[2011.08.12 05:33:49 | 000,492,456 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.02 17:18:09 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010.10.07 06:39:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.10.07 06:39:00 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.10.07 06:39:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.09.05 19:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010.06.30 18:06:38 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.30 18:06:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.30 18:06:36 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.30 18:06:35 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.30 18:06:35 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

< End of report >
         

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 29.03.2012 13:08:45 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Micha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,42% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 58,08 Gb Free Space | 31,17% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 544,66 Gb Free Space | 58,47% Space Free | Partition Type: NTFS
 
Computer Name: MICHA-B47E0D6EE | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58553:TCP" = 58553:TCP:*:Enabled:Pando Media Booster
"58553:UDP" = 58553:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5432:TCP" = 5432:TCP:*:Enabled:postgres
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"58553:TCP" = 58553:TCP:*:Enabled:Pando Media Booster
"58553:UDP" = 58553:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\MagicTune Premium\MagicTune.exe" = C:\Programme\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm -- (Microsoft Corporation)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader -- (Blizzard Entertainment)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\World of Warcraft Public Test\Launcher.exe" = C:\Programme\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Steam\SteamApps\common\iron grip marauders\prism.exe" = C:\Programme\Steam\SteamApps\common\iron grip marauders\prism.exe:*:Enabled:Iron Grip: Marauders -- (Mozilla Foundation)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Programme\World of Warcraft Public Test\Launcher.patch.exe" = C:\Programme\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\downloads\Diablo III\Diablo-III-8370-deDE-Installer-downloader.exe" = D:\downloads\Diablo III\Diablo-III-8370-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe" = C:\Programme\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Apps\2.0\HQ0CX64P.PGB\C7EXKLHT.ZAK\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Apps\2.0\HQ0CX64P.PGB\C7EXKLHT.ZAK\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7797FC7F-05A2-4FDB-BADD-74B3DA296935}" = ActivePerl 5.12.2 Build 1203
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Betsafe Poker_is1" = Betsafe Poker
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HoldemManager" = Holdem Manager
"HWiNFO32_is1" = HWiNFO32 Version 3.90
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NOXON player Basic" = NOXON player Basic
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Secunia PSI" = Secunia PSI (2.0.0.4002)
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 201230" = EverQuest II
"Steam App 31740" = Iron Grip: Marauders
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Unlocker" = Unlocker 1.8.8
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"SOE-EverQuest Test" = EverQuest
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"World of Logs Client" = World of Logs Client
"World of Logs Client (4.2)" = World of Logs Client (4.2)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2012 22:07:06 | Computer Name = MICHA-B47E0D6EE | Source = ESENT | ID = 490
Description = svchost (1732) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 28.03.2012 22:09:20 | Computer Name = MICHA-B47E0D6EE | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (275:112:1) passed to log scan in database 'master'
 is not valid. This error may indicate data corruption or that the log file (.ldf)
 does not match the data file (.mdf). If this error occurred during replication,
 re-create the publication. Otherwise, restore from backup if the problem results
 in a failure during startup. 
 
Error - 28.03.2012 22:09:31 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0
Description = 2012-03-29 04:09:31 CESTFATAL:  the database system is starting up

 
Error - 28.03.2012 22:09:33 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0
Description = 2012-03-29 04:09:33 CESTFATAL:  the database system is starting up

 
Error - 28.03.2012 22:09:35 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0
Description = 2012-03-29 04:09:35 CESTFATAL:  the database system is starting up

 
Error - 28.03.2012 22:10:02 | Computer Name = MICHA-B47E0D6EE | Source = ESENT | ID = 490
Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 28.03.2012 23:33:56 | Computer Name = MICHA-B47E0D6EE | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (275:112:1) passed to log scan in database 'master'
 is not valid. This error may indicate data corruption or that the log file (.ldf)
 does not match the data file (.mdf). If this error occurred during replication,
 re-create the publication. Otherwise, restore from backup if the problem results
 in a failure during startup. 
 
Error - 28.03.2012 23:34:12 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0
Description = 2012-03-29 05:34:12 CESTFATAL:  the database system is starting up

 
Error - 28.03.2012 23:34:14 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0
Description = 2012-03-29 05:34:14 CESTFATAL:  the database system is starting up

 
Error - 28.03.2012 23:34:16 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0
Description = 2012-03-29 05:34:16 CESTFATAL:  the database system is starting up

 
[ System Events ]
Error - 07.02.2012 21:30:12 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem
 Fehler beendet: 3417 (0xD59).
 
Error - 08.02.2012 05:02:45 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem
 Fehler beendet: 3417 (0xD59).
 
Error - 09.02.2012 14:11:00 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem
 Fehler beendet: 3417 (0xD59).
 
Error - 11.02.2012 15:25:05 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem
 Fehler beendet: 3417 (0xD59).
 
Error - 12.02.2012 23:07:13 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.
 
Error - 12.02.2012 23:07:15 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.
 
Error - 12.02.2012 23:07:17 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.
 
Error - 12.02.2012 23:07:20 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.
 
Error - 12.02.2012 23:07:22 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.
 
Error - 12.02.2012 23:07:22 | Computer Name = MICHA-B47E0D6EE | Source = VolSnap | ID = 393230
Description = Die Schattenkopie von Volume "C:" wurde aufgrund eines E/A-Fehlers
 abgebrochen.
 
[ TuneUp Events ]
Error - 21.05.2010 14:06:48 | Computer Name = MICHA-B47E0D6EE | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 27.06.2010 14:23:03 | Computer Name = MICHA-B47E0D6EE | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         

TDSS
Code:
ATTFilter
13:19:03.0046 1724	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:19:03.0156 1724	============================================================
13:19:03.0156 1724	Current date / time: 2012/03/29 13:19:03.0156
13:19:03.0156 1724	SystemInfo:
13:19:03.0156 1724	
13:19:03.0156 1724	OS Version: 5.1.2600 ServicePack: 3.0
13:19:03.0156 1724	Product type: Workstation
13:19:03.0156 1724	ComputerName: MICHA-B47E0D6EE
13:19:03.0156 1724	UserName: Micha
13:19:03.0156 1724	Windows directory: C:\WINDOWS
13:19:03.0156 1724	System windows directory: C:\WINDOWS
13:19:03.0156 1724	Processor architecture: Intel x86
13:19:03.0156 1724	Number of processors: 1
13:19:03.0156 1724	Page size: 0x1000
13:19:03.0156 1724	Boot type: Normal boot
13:19:03.0156 1724	============================================================
13:19:04.0843 1724	Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:19:04.0859 1724	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:19:05.0312 1724	\Device\Harddisk0\DR0:
13:19:05.0312 1724	MBR used
13:19:05.0312 1724	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
13:19:05.0312 1724	\Device\Harddisk1\DR2:
13:19:05.0312 1724	MBR used
13:19:05.0312 1724	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
13:19:05.0375 1724	Initialize success
13:19:05.0375 1724	============================================================
13:20:56.0578 0364	============================================================
13:20:56.0578 0364	Scan started
13:20:56.0578 0364	Mode: Manual; SigCheck; TDLFS; 
13:20:56.0578 0364	============================================================
13:20:56.0937 0364	Abiosdsk - ok
13:20:56.0953 0364	abp480n5 - ok
13:20:57.0000 0364	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:20:57.0281 0364	ACPI - ok
13:20:57.0328 0364	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:20:57.0453 0364	ACPIEC - ok
13:20:57.0468 0364	adpu160m - ok
13:20:57.0562 0364	AdvancedSystemCareService5 (e410da575ff48d976b41670c6d262a82) C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe
13:20:57.0593 0364	AdvancedSystemCareService5 - ok
13:20:57.0625 0364	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:20:57.0765 0364	aec - ok
13:20:57.0812 0364	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:20:57.0890 0364	AFD - ok
13:20:57.0906 0364	Aha154x - ok
13:20:57.0906 0364	aic78u2 - ok
13:20:57.0921 0364	aic78xx - ok
13:20:57.0968 0364	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:20:58.0125 0364	Alerter - ok
13:20:58.0140 0364	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:20:58.0203 0364	ALG - ok
13:20:58.0218 0364	AliIde - ok
13:20:58.0328 0364	ALSysIO - ok
13:20:58.0343 0364	AMDPCI - ok
13:20:58.0375 0364	AmdPPM          (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:20:58.0437 0364	AmdPPM - ok
13:20:58.0453 0364	amsint - ok
13:20:58.0500 0364	AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:20:58.0515 0364	AntiVirSchedulerService - ok
13:20:58.0562 0364	AntiVirService  (df5a3016052755c910a206058b4a1729) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:20:58.0578 0364	AntiVirService - ok
13:20:58.0578 0364	AppMgmt - ok
13:20:58.0593 0364	asc - ok
13:20:58.0609 0364	asc3350p - ok
13:20:58.0625 0364	asc3550 - ok
13:20:58.0750 0364	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:20:58.0781 0364	aspnet_state - ok
13:20:58.0828 0364	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:20:58.0937 0364	AsyncMac - ok
13:20:58.0968 0364	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:20:59.0093 0364	atapi - ok
13:20:59.0109 0364	Atdisk - ok
13:20:59.0156 0364	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
13:20:59.0390 0364	atksgt - ok
13:20:59.0437 0364	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:20:59.0593 0364	Atmarpc - ok
13:20:59.0656 0364	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:20:59.0796 0364	AudioSrv - ok
13:20:59.0828 0364	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:20:59.0968 0364	audstub - ok
13:21:00.0093 0364	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:21:00.0093 0364	avgio - ok
13:21:00.0140 0364	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:21:00.0156 0364	avgntflt - ok
13:21:00.0171 0364	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:21:00.0187 0364	avipbb - ok
13:21:00.0234 0364	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:21:00.0375 0364	Beep - ok
13:21:00.0406 0364	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:21:00.0546 0364	BITS - ok
13:21:00.0609 0364	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:21:00.0781 0364	Browser - ok
13:21:00.0921 0364	catchme - ok
13:21:00.0953 0364	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:21:01.0140 0364	cbidf2k - ok
13:21:01.0156 0364	cd20xrnt - ok
13:21:01.0203 0364	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:21:01.0359 0364	Cdaudio - ok
13:21:01.0390 0364	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:21:01.0531 0364	Cdfs - ok
13:21:01.0578 0364	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:21:01.0734 0364	Cdrom - ok
13:21:01.0734 0364	Changer - ok
13:21:01.0781 0364	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:21:01.0921 0364	CiSvc - ok
13:21:01.0953 0364	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:21:02.0109 0364	ClipSrv - ok
13:21:02.0187 0364	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:21:02.0203 0364	clr_optimization_v2.0.50727_32 - ok
13:21:02.0265 0364	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:21:02.0296 0364	clr_optimization_v4.0.30319_32 - ok
13:21:02.0312 0364	CmdIde - ok
13:21:02.0312 0364	COMSysApp - ok
13:21:02.0328 0364	Cpqarray - ok
13:21:02.0359 0364	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:21:02.0562 0364	CryptSvc - ok
13:21:02.0578 0364	dac2w2k - ok
13:21:02.0593 0364	dac960nt - ok
13:21:02.0640 0364	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:21:02.0703 0364	DcomLaunch - ok
13:21:02.0734 0364	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:21:02.0875 0364	Dhcp - ok
13:21:02.0921 0364	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:21:03.0109 0364	Disk - ok
13:21:03.0109 0364	dmadmin - ok
13:21:03.0187 0364	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:21:03.0375 0364	dmboot - ok
13:21:03.0421 0364	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:21:03.0593 0364	dmio - ok
13:21:03.0656 0364	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:21:03.0796 0364	dmload - ok
13:21:03.0828 0364	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:21:03.0968 0364	dmserver - ok
13:21:04.0015 0364	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:21:04.0203 0364	DMusic - ok
13:21:04.0234 0364	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:21:04.0281 0364	Dnscache - ok
13:21:04.0328 0364	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:21:04.0500 0364	Dot3svc - ok
13:21:04.0500 0364	dpti2o - ok
13:21:04.0531 0364	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:21:04.0640 0364	drmkaud - ok
13:21:04.0687 0364	DrvAgent32      (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
13:21:04.0703 0364	DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning
13:21:04.0703 0364	DrvAgent32 - detected UnsignedFile.Multi.Generic (1)
13:21:04.0750 0364	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:21:04.0875 0364	EapHost - ok
13:21:05.0015 0364	ECSIoDriver_1_1_0_0 - ok
13:21:05.0062 0364	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:21:05.0218 0364	ERSvc - ok
13:21:05.0281 0364	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:21:05.0281 0364	Eventlog - ok
13:21:05.0343 0364	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:21:05.0375 0364	EventSystem - ok
13:21:05.0421 0364	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:21:05.0546 0364	Fastfat - ok
13:21:05.0609 0364	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:21:05.0875 0364	FastUserSwitchingCompatibility - ok
13:21:05.0890 0364	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:21:06.0093 0364	Fdc - ok
13:21:06.0109 0364	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:21:06.0234 0364	Fips - ok
13:21:06.0265 0364	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:21:06.0500 0364	Flpydisk - ok
13:21:06.0546 0364	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:21:06.0687 0364	FltMgr - ok
13:21:06.0781 0364	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:21:06.0781 0364	FontCache3.0.0.0 - ok
13:21:06.0812 0364	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:21:06.0937 0364	Fs_Rec - ok
13:21:06.0953 0364	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:21:07.0171 0364	Ftdisk - ok
13:21:07.0187 0364	gdfg - ok
13:21:07.0234 0364	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:21:07.0390 0364	Gpc - ok
13:21:07.0546 0364	GPU-Z - ok
13:21:07.0578 0364	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:21:07.0890 0364	HDAudBus - ok
13:21:07.0968 0364	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:21:08.0187 0364	helpsvc - ok
13:21:08.0203 0364	HidServ - ok
13:21:08.0250 0364	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:21:08.0484 0364	HidUsb - ok
13:21:08.0531 0364	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:21:08.0750 0364	hkmsvc - ok
13:21:08.0765 0364	hpn - ok
13:21:08.0859 0364	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:21:08.0921 0364	HTTP - ok
13:21:08.0984 0364	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:21:09.0203 0364	HTTPFilter - ok
13:21:09.0265 0364	HWiNFO32        (79b69cd1dfbdc48ccad4b8b6d4048786) C:\Programme\HWiNFO32\HWiNFO32.SYS
13:21:09.0281 0364	HWiNFO32 - ok
13:21:09.0296 0364	i2omgmt - ok
13:21:09.0328 0364	i2omp - ok
13:21:09.0375 0364	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:21:09.0562 0364	i8042prt - ok
13:21:09.0687 0364	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:21:09.0765 0364	idsvc - ok
13:21:09.0828 0364	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:21:10.0015 0364	Imapi - ok
13:21:10.0078 0364	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:21:10.0281 0364	ImapiService - ok
13:21:10.0281 0364	ini910u - ok
13:21:10.0484 0364	IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:21:10.0734 0364	IntcAzAudAddService - ok
13:21:10.0765 0364	IntelIde - ok
13:21:10.0828 0364	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:21:11.0046 0364	Ip6Fw - ok
13:21:11.0109 0364	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:21:11.0328 0364	IpFilterDriver - ok
13:21:11.0375 0364	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:21:11.0562 0364	IpInIp - ok
13:21:11.0593 0364	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:21:11.0765 0364	IpNat - ok
13:21:11.0812 0364	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:21:12.0015 0364	IPSec - ok
13:21:12.0078 0364	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:21:12.0156 0364	IRENUM - ok
13:21:12.0187 0364	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:21:12.0359 0364	isapnp - ok
13:21:12.0484 0364	JavaQuickStarterService (92e16f5d034e7864da308ba6309a98b7) C:\Programme\Java\jre7\bin\jqs.exe
13:21:12.0500 0364	JavaQuickStarterService - ok
13:21:12.0546 0364	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:21:12.0750 0364	Kbdclass - ok
13:21:12.0781 0364	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:21:12.0968 0364	kbdhid - ok
13:21:13.0000 0364	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:21:13.0203 0364	kmixer - ok
13:21:13.0234 0364	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:21:13.0296 0364	KSecDD - ok
13:21:13.0343 0364	L8042Kbd        (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:21:13.0343 0364	L8042Kbd - ok
13:21:13.0375 0364	L8042mou        (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
13:21:13.0390 0364	L8042mou - ok
13:21:13.0453 0364	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:21:13.0531 0364	lanmanserver - ok
13:21:13.0578 0364	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:21:13.0609 0364	lanmanworkstation - ok
13:21:13.0640 0364	LBeepKE         (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
13:21:13.0656 0364	LBeepKE - ok
13:21:13.0671 0364	lbrtfdc - ok
13:21:13.0796 0364	LBTServ         (3af6b73a3ad1fc37c5933441f66ceb91) C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
13:21:13.0812 0364	LBTServ - ok
13:21:13.0828 0364	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
13:21:13.0843 0364	LHidFilt - ok
13:21:13.0890 0364	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
13:21:13.0890 0364	lirsgt - ok
13:21:13.0953 0364	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:21:14.0156 0364	LmHosts - ok
13:21:14.0218 0364	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
13:21:14.0234 0364	LMouFilt - ok
13:21:14.0265 0364	LMouKE          (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
13:21:14.0281 0364	LMouKE - ok
13:21:14.0312 0364	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
13:21:14.0328 0364	LUsbFilt - ok
13:21:14.0375 0364	MagicTune       (4e4c9d7ce77be0c9266b1089f93e7c01) C:\WINDOWS\system32\drivers\MTiCtwl.sys
13:21:14.0375 0364	MagicTune ( UnsignedFile.Multi.Generic ) - warning
13:21:14.0375 0364	MagicTune - detected UnsignedFile.Multi.Generic (1)
13:21:14.0468 0364	MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Programme\MagicTune Premium\MagicTuneEngine.exe
13:21:14.0484 0364	MagicTuneEngine ( UnsignedFile.Multi.Generic ) - warning
13:21:14.0484 0364	MagicTuneEngine - detected UnsignedFile.Multi.Generic (1)
13:21:14.0531 0364	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:21:14.0546 0364	MBAMProtector - ok
13:21:14.0609 0364	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
13:21:14.0687 0364	MBAMService - ok
13:21:14.0750 0364	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:21:14.0937 0364	Messenger - ok
13:21:15.0000 0364	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:21:15.0187 0364	mnmdd - ok
13:21:15.0218 0364	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:21:15.0421 0364	mnmsrvc - ok
13:21:15.0468 0364	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:21:15.0671 0364	Modem - ok
13:21:15.0734 0364	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:21:15.0921 0364	Mouclass - ok
13:21:15.0953 0364	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:21:16.0203 0364	mouhid - ok
13:21:16.0250 0364	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:21:16.0515 0364	MountMgr - ok
13:21:16.0531 0364	mraid35x - ok
13:21:16.0578 0364	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:21:16.0828 0364	MRxDAV - ok
13:21:16.0890 0364	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:21:16.0968 0364	MRxSmb - ok
13:21:17.0015 0364	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:21:17.0453 0364	MSDTC - ok
13:21:17.0734 0364	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:21:17.0875 0364	Msfs - ok
13:21:17.0890 0364	MSIServer - ok
13:21:17.0921 0364	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:21:18.0046 0364	MSKSSRV - ok
13:21:18.0078 0364	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:21:18.0187 0364	MSPCLOCK - ok
13:21:18.0218 0364	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:21:18.0359 0364	MSPQM - ok
13:21:18.0375 0364	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:21:18.0515 0364	mssmbios - ok
13:21:18.0625 0364	MSSQL$SQLEXPRESS - ok
13:21:18.0687 0364	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:21:18.0781 0364	MSSQLServerADHelper - ok
13:21:18.0812 0364	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:21:18.0921 0364	Mup - ok
13:21:19.0171 0364	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:21:19.0343 0364	napagent - ok
13:21:19.0421 0364	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:21:19.0625 0364	NDIS - ok
13:21:19.0718 0364	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:21:19.0781 0364	NdisTapi - ok
13:21:19.0859 0364	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:21:20.0000 0364	Ndisuio - ok
13:21:20.0046 0364	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:21:20.0218 0364	NdisWan - ok
13:21:20.0312 0364	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:21:20.0406 0364	NDProxy - ok
13:21:20.0453 0364	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:21:20.0625 0364	NetBIOS - ok
13:21:20.0718 0364	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:21:20.0968 0364	NetBT - ok
13:21:21.0046 0364	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:21:21.0203 0364	NetDDE - ok
13:21:21.0203 0364	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:21:21.0390 0364	NetDDEdsdm - ok
13:21:21.0468 0364	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:21:21.0609 0364	Netlogon - ok
13:21:21.0687 0364	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:21:21.0843 0364	Netman - ok
13:21:21.0890 0364	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:21:21.0906 0364	NetTcpPortSharing - ok
13:21:21.0953 0364	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:21:21.0984 0364	Nla - ok
13:21:22.0031 0364	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:21:22.0140 0364	Npfs - ok
13:21:22.0203 0364	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:21:22.0359 0364	Ntfs - ok
13:21:22.0390 0364	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:21:22.0546 0364	NtLmSsp - ok
13:21:22.0593 0364	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:21:22.0734 0364	NtmsSvc - ok
13:21:22.0765 0364	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:21:22.0875 0364	Null - ok
13:21:23.0375 0364	nv              (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:21:24.0171 0364	nv - ok
13:21:24.0296 0364	nvata           (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys
13:21:24.0359 0364	nvata - ok
13:21:24.0375 0364	NVENETFD        (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:21:24.0421 0364	NVENETFD - ok
13:21:24.0437 0364	nvgts           (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:21:24.0453 0364	nvgts - ok
13:21:24.0484 0364	nvnetbus        (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:21:24.0500 0364	nvnetbus - ok
13:21:24.0546 0364	NVSvc           (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
13:21:24.0562 0364	NVSvc - ok
13:21:24.0750 0364	nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:21:24.0843 0364	nvUpdatusService - ok
13:21:24.0890 0364	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:21:25.0031 0364	NwlnkFlt - ok
13:21:25.0046 0364	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:21:25.0171 0364	NwlnkFwd - ok
13:21:25.0203 0364	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:21:25.0328 0364	Parport - ok
13:21:25.0390 0364	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:21:25.0515 0364	PartMgr - ok
13:21:25.0562 0364	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:21:25.0671 0364	ParVdm - ok
13:21:25.0687 0364	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:21:25.0812 0364	PCI - ok
13:21:25.0828 0364	PCIDump - ok
13:21:25.0859 0364	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:21:25.0984 0364	PCIIde - ok
13:21:26.0015 0364	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:21:26.0125 0364	Pcmcia - ok
13:21:26.0140 0364	PDCOMP - ok
13:21:26.0156 0364	PDFRAME - ok
13:21:26.0156 0364	PDRELI - ok
13:21:26.0171 0364	PDRFRAME - ok
13:21:26.0484 0364	perc2 - ok
13:21:26.0875 0364	perc2hib - ok
13:21:27.0015 0364	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:21:27.0046 0364	PlugPlay - ok
13:21:27.0078 0364	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:21:27.0234 0364	PolicyAgent - ok
13:21:27.0312 0364	postgresql-8.4 - ok
13:21:27.0343 0364	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:21:27.0484 0364	PptpMiniport - ok
13:21:27.0500 0364	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:21:27.0625 0364	Processor - ok
13:21:27.0640 0364	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:21:28.0031 0364	ProtectedStorage - ok
13:21:28.0046 0364	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:21:28.0296 0364	PSched - ok
13:21:28.0390 0364	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:21:28.0406 0364	PSI - ok
13:21:28.0421 0364	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:21:28.0531 0364	Ptilink - ok
13:21:28.0562 0364	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:21:28.0578 0364	PxHelp20 - ok
13:21:28.0593 0364	ql1080 - ok
13:21:28.0609 0364	Ql10wnt - ok
13:21:28.0625 0364	ql12160 - ok
13:21:28.0640 0364	ql1240 - ok
13:21:28.0640 0364	ql1280 - ok
13:21:28.0671 0364	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:21:28.0843 0364	RasAcd - ok
13:21:28.0875 0364	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:21:29.0000 0364	RasAuto - ok
13:21:29.0031 0364	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:21:29.0171 0364	Rasl2tp - ok
13:21:29.0234 0364	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:21:29.0359 0364	RasMan - ok
13:21:29.0375 0364	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:21:29.0812 0364	RasPppoe - ok
13:21:29.0812 0364	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:21:30.0093 0364	Raspti - ok
13:21:30.0125 0364	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:21:30.0546 0364	Rdbss - ok
13:21:30.0578 0364	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:21:30.0781 0364	RDPCDD - ok
13:21:30.0828 0364	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:21:30.0890 0364	RDPWD - ok
13:21:30.0921 0364	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:21:31.0093 0364	RDSessMgr - ok
13:21:31.0156 0364	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:21:31.0312 0364	redbook - ok
13:21:31.0343 0364	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:21:31.0484 0364	RemoteAccess - ok
13:21:31.0500 0364	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:21:31.0609 0364	RpcLocator - ok
13:21:31.0671 0364	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
13:21:31.0687 0364	RpcSs - ok
13:21:31.0718 0364	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:21:31.0828 0364	RSVP - ok
13:21:31.0859 0364	RzSynapse       (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
13:21:31.0875 0364	RzSynapse - ok
13:21:31.0921 0364	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:21:32.0062 0364	SamSs - ok
13:21:32.0078 0364	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:21:32.0203 0364	SCardSvr - ok
13:21:32.0250 0364	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:21:32.0531 0364	Schedule - ok
13:21:32.0656 0364	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:21:32.0703 0364	Secdrv - ok
13:21:32.0734 0364	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:21:32.0890 0364	seclogon - ok
13:21:32.0953 0364	Secunia PSI Agent - ok
13:21:32.0968 0364	Secunia Update Agent - ok
13:21:33.0031 0364	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:21:33.0156 0364	SENS - ok
13:21:33.0187 0364	Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:21:33.0328 0364	Serenum - ok
13:21:33.0343 0364	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:21:33.0468 0364	Serial - ok
13:21:33.0531 0364	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:21:33.0656 0364	Sfloppy - ok
13:21:33.0687 0364	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:21:33.0828 0364	SharedAccess - ok
13:21:33.0859 0364	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:21:33.0875 0364	ShellHWDetection - ok
13:21:33.0890 0364	Simbad - ok
13:21:33.0906 0364	Sparrow - ok
13:21:33.0921 0364	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:21:34.0062 0364	splitter - ok
13:21:34.0093 0364	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:21:34.0156 0364	Spooler - ok
13:21:34.0250 0364	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:21:34.0265 0364	SQLBrowser - ok
13:21:34.0312 0364	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:21:34.0312 0364	SQLWriter - ok
13:21:34.0343 0364	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:21:34.0406 0364	sr - ok
13:21:34.0453 0364	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:21:34.0500 0364	srservice - ok
13:21:34.0562 0364	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:21:34.0609 0364	Srv - ok
13:21:34.0640 0364	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:21:34.0703 0364	SSDPSRV - ok
13:21:34.0750 0364	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:21:34.0750 0364	ssmdrv - ok
13:21:34.0781 0364	Steam Client Service - ok
13:21:34.0828 0364	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:21:34.0968 0364	stisvc - ok
13:21:35.0000 0364	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:21:35.0140 0364	swenum - ok
13:21:35.0187 0364	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:21:35.0312 0364	swmidi - ok
13:21:35.0312 0364	SwPrv - ok
13:21:35.0328 0364	symc810 - ok
13:21:35.0343 0364	symc8xx - ok
13:21:35.0343 0364	sym_hi - ok
13:21:35.0359 0364	sym_u3 - ok
13:21:35.0390 0364	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:21:35.0500 0364	sysaudio - ok
13:21:35.0531 0364	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:21:35.0656 0364	SysmonLog - ok
13:21:35.0687 0364	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:21:35.0812 0364	TapiSrv - ok
13:21:35.0859 0364	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:21:35.0906 0364	Tcpip - ok
13:21:35.0937 0364	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:21:36.0046 0364	TDPIPE - ok
13:21:36.0078 0364	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:21:36.0187 0364	TDTCP - ok
13:21:36.0218 0364	teamviewervpn   (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
13:21:36.0281 0364	teamviewervpn - ok
13:21:36.0312 0364	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:21:36.0437 0364	TermDD - ok
13:21:36.0484 0364	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:21:36.0593 0364	TermService - ok
13:21:36.0640 0364	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:21:36.0656 0364	Themes - ok
13:21:36.0656 0364	TosIde - ok
13:21:36.0687 0364	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:21:36.0796 0364	TrkWks - ok
13:21:36.0859 0364	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:21:36.0968 0364	Udfs - ok
13:21:36.0984 0364	ultra - ok
13:21:37.0046 0364	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
13:21:37.0093 0364	UMWdf - ok
13:21:37.0140 0364	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:21:37.0296 0364	Update - ok
13:21:37.0328 0364	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:21:37.0406 0364	upnphost - ok
13:21:37.0437 0364	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:21:38.0140 0364	UPS - ok
13:21:38.0265 0364	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:21:38.0406 0364	usbccgp - ok
13:21:38.0421 0364	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:21:38.0546 0364	usbehci - ok
13:21:38.0562 0364	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:21:38.0687 0364	usbhub - ok
13:21:38.0734 0364	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:21:38.0843 0364	usbohci - ok
13:21:38.0875 0364	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:21:38.0984 0364	usbprint - ok
13:21:39.0015 0364	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:21:39.0125 0364	usbscan - ok
13:21:39.0140 0364	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:21:39.0265 0364	usbstor - ok
13:21:39.0312 0364	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:21:39.0421 0364	VgaSave - ok
13:21:39.0421 0364	ViaIde - ok
13:21:39.0453 0364	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:21:39.0562 0364	VolSnap - ok
13:21:39.0578 0364	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:21:39.0640 0364	VSS - ok
13:21:39.0671 0364	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:21:39.0765 0364	W32Time - ok
13:21:39.0796 0364	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:21:39.0921 0364	Wanarp - ok
13:21:39.0984 0364	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:21:40.0000 0364	Wdf01000 - ok
13:21:40.0015 0364	WDICA - ok
13:21:40.0062 0364	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:21:40.0171 0364	wdmaud - ok
13:21:40.0187 0364	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:21:40.0312 0364	WebClient - ok
13:21:40.0390 0364	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:21:40.0515 0364	winmgmt - ok
13:21:40.0578 0364	WinRM           (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
13:21:40.0671 0364	WinRM - ok
13:21:40.0703 0364	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
13:21:40.0734 0364	WmdmPmSN - ok
13:21:40.0765 0364	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:21:40.0890 0364	WmiApSrv - ok
13:21:41.0062 0364	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:21:41.0093 0364	WPFFontCache_v0400 - ok
13:21:41.0140 0364	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:21:41.0265 0364	WS2IFSL - ok
13:21:41.0312 0364	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:21:41.0453 0364	wscsvc - ok
13:21:41.0500 0364	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:21:41.0593 0364	wuauserv - ok
13:21:41.0656 0364	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:21:41.0781 0364	WZCSVC - ok
13:21:41.0812 0364	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:21:41.0953 0364	xmlprov - ok
13:21:41.0984 0364	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:21:43.0421 0364	\Device\Harddisk0\DR0 - ok
13:21:43.0875 0364	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
13:21:43.0984 0364	\Device\Harddisk1\DR2 - ok
13:21:44.0015 0364	Boot (0x1200)   (49e7ee72a70ed9c4b334473a31d66032) \Device\Harddisk0\DR0\Partition0
13:21:44.0015 0364	\Device\Harddisk0\DR0\Partition0 - ok
13:21:44.0015 0364	Boot (0x1200)   (7161788a168164ffddbd596a1f6eca23) \Device\Harddisk1\DR2\Partition0
13:21:44.0015 0364	\Device\Harddisk1\DR2\Partition0 - ok
13:21:44.0015 0364	============================================================
13:21:44.0015 0364	Scan finished
13:21:44.0015 0364	============================================================
13:21:44.0140 2516	Detected object count: 3
13:21:44.0140 2516	Actual detected object count: 3
13:24:01.0484 2516	DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:01.0484 2516	DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:24:01.0484 2516	MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:01.0484 2516	MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:24:01.0484 2516	MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:01.0484 2516	MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 29.03.2012, 16:16   #4
Chris4You
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Hi,

sieht eigentlich soweit gut aus. Posete noch das Log von GMER oder erstell eein neues...

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
DRV - (GPU-Z) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\GPU-Z.sys File not found
DRV - (ECSIoDriver_1_1_0_0) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\is-FC7LA.tmp\ECSIoDriver.sys File not found
O32 - AutoRun File - [2010.02.12 11:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,200,260 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = dword:0x00

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.03.2012, 18:41   #5
Gorilla
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



hab zunächst den OTL fix laufen lassen:

Code:
ATTFilter
All processes killed
========== OTL ==========
Service GPU-Z stopped successfully!
Service GPU-Z deleted successfully!
File  C:\DOKUME~1\Micha\LOKALE~1\Temp\GPU-Z.sys File not found not found.
Service ECSIoDriver_1_1_0_0 stopped successfully!
Service ECSIoDriver_1_1_0_0 deleted successfully!
File  C:\DOKUME~1\Micha\LOKALE~1\Temp\is-FC7LA.tmp\ECSIoDriver.sys File not found not found.
C:\AUTOEXEC.BAT moved successfully.
D:\AUTO.pat moved successfully.
D:\AUTO.pst moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 65721057 bytes
->Flash cache emptied: 57034 bytes
 
User: All Users
 
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1340149 bytes
->FireFox cache emptied: 3357934 bytes
->Flash cache emptied: 343 bytes
 
User: Micha
->Temp folder emptied: 433883835 bytes
->Temporary Internet Files folder emptied: 39098511 bytes
->Java cache emptied: 379249 bytes
->FireFox cache emptied: 104870658 bytes
->Flash cache emptied: 57749 bytes
 
User: NetworkService
->Temp folder emptied: 458752 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2349610 bytes
%systemroot%\System32 .tmp files removed: 861063 bytes
%systemroot%\System32\dllcache .tmp files removed: 243200 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 345256 bytes
RecycleBin emptied: 304540 bytes
 
Total Files Cleaned = 624,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_171608

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
danach habe ich GMER scan gestartet, leider ohne erfolg.

erster versuch im normalen modus: system fror irgendwann ein, auch war unten kein pfad mer zu sehen, an dem man erkennen konnte, wo grad gescannt wird. nach 15 minuten habe ich gerebootet.

zweiter versuch im normalen modus brachte mir (an derselben stelle, meine ich) einen bluescreen (driver_irql_not_less_or_equal oder so ähnlich)

dritter versuch im abgesicherten modus siehe zweiter versuch

nach reboot sah ich im taskmanager den prozess savedump.exe, welchen ich noch nie zuvor sah. hab ihn beendet.


Alt 29.03.2012, 20:51   #6
Chris4You
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Hi,

RootkitRevealer scannen lassen

Lade bitte RootkitRevealer runter und entpacke das Archiv in einen eigenen Ordner, z.B. C:\programmer\ootkitrevealer. Starte in diesem Ordner RootkitReavealer.exe. Alle anderen Programme schließen. Starte durch Klick auf "Scan".

Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern, und hier im forum posten.

OSAM
Prüft Programme/Treiber die gestartet werden online.
Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread.

chris
__________________
--> 100€ Virus blockiert meinen Rechner (XP)

Alt 30.03.2012, 00:49   #7
Gorilla
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Revealer:

Code:
ATTFilter
HKU\S-1-5-21-2025429265-162531612-839522115-1004\Console	18.11.2011 14:34	0 bytes	Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC*	12.02.2010 11:25	0 bytes	Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*	12.02.2010 11:25	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG*	14.02.2012 19:29	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell	07.10.2010 08:49	0 bytes	Security mismatch.
HKLM\SOFTWARE\Secunia\sua\Check	29.03.2012 23:52	40 bytes	Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010	17.11.2011 02:24	0 bytes	Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011	17.11.2011 02:24	0 bytes	Security mismatch.
C:\Programme\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-30.log	30.03.2012 00
         

OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:46:22 on 30.03.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"RTSndMgr.cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ALSysIO" (ALSysIO) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\ALSysIO.sys  (File not found)
"AMDPCI" (AMDPCI) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\AMDPCI.sys  (File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DrvAgent32" (DrvAgent32) - "Phoenix Technologies" - C:\WINDOWS\system32\Drivers\DrvAgent32.sys
"gdfg" (gdfg) - ? - C:\WINDOWS\System32\drivers\pqhv.sys  (File not found)
"HWiNFO32/64 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - C:\Programme\HWiNFO32\HWiNFO32.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MagicTune" (MagicTune) - "Samsung Electronics, Inc. " - C:\WINDOWS\System32\drivers\MTiCtwl.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Advanced SystemCare 5" - "IObit" - "C:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet
"Razer Naga Driver" - "Razer USA Ltd" - C:\Programme\Razer\Naga Epic\NagaEpicSysTray.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Advanced SystemCare Service 5" (AdvancedSystemCareService5) - "IObit" - C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MagicTuneEngine" (MagicTuneEngine) - ? - C:\Programme\MagicTune Premium\MagicTuneEngine.exe  (File found, but it contains no detailed information)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NUCVQHGSR" (NUCVQHGSR) - "Sysinternals - www.sysinternals.com" - C:\DOKUME~1\Micha\LOKALE~1\Temp\NUCVQHGSR.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"PostgreSQL Server 8.4" (postgresql-8.4) - "PostgreSQL Global Development Group" - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 30.03.2012, 14:25   #8
Chris4You
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Hi,

sieht gut aus, den Eintrag:
Code:
ATTFilter
"MVB" - ? - mvfs32.dll  (File not found)
         
mit OSAM deaktivieren (schaue dazu in den OSAM-Link)...

Verhält sich der Rechner normal (oder noch Umleitungen etc.)?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 31.03.2012, 00:26   #9
Gorilla
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Zitat:
Zitat von Chris4You Beitrag anzeigen
Hi,

sieht gut aus, den Eintrag:
Code:
ATTFilter
"MVB" - ? - mvfs32.dll  (File not found)
         
mit OSAM deaktivieren (schaue dazu in den OSAM-Link)...
done

Zitat:
Zitat von Chris4You Beitrag anzeigen
Verhält sich der Rechner normal (oder noch Umleitungen etc.)?
seit ich die beiden funde mit Malwarebytes gelöscht habe, zeigt der rechner keinerlei auffälligkeiten.

Alt 31.03.2012, 21:57   #10
Chris4You
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



Hi,

dann wären wir durch...
Rootkitre. und OSAM kannst Du löschen, auch C:\_OTL... MAM würde ich drauf lassen und ab- und an updaten und laufen lassen (Fullscan)...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 01.04.2012, 00:08   #11
Gorilla
 
100€ Virus blockiert meinen Rechner (XP) - Standard

100€ Virus blockiert meinen Rechner (XP)



jut, vielen herzlichen dank :-)

Antwort

Themen zu 100€ Virus blockiert meinen Rechner (XP)
anti-malware, autostart, blockiert, chkdsk, code, desktop, detected, einstellungen, explorer, file, gelöscht, google, malwarebytes, netzwerk, neustart, programme, rechner, registry, service pack 3, starten, system, taskmanager, temp, trojan.agent.ge, trojan.downloader.gen, virus



Ähnliche Themen: 100€ Virus blockiert meinen Rechner (XP)


  1. BKA Trojaner blockiert meinen Computer - Vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 17.02.2014 (3)
  2. Crypt.ULPM.Gen2 Virus auf Vista Rechner mit 4 Benutzern / ein Benutzer blockiert
    Log-Analyse und Auswertung - 13.09.2013 (26)
  3. Massenemails über meinen Account, Trojaner oder Virus auf dem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (13)
  4. Win8 (sonyvaio) "nach" GVU-Virus Rundll-Fehlermeldung - wie bereinige ich meinen Rechner?
    Plagegeister aller Art und deren Bekämpfung - 08.08.2013 (13)
  5. Polizei Trojaner blockiert meinen Computer
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (2)
  6. Polizei Trojaner blockiert meinen Computer
    Plagegeister aller Art und deren Bekämpfung - 21.02.2013 (7)
  7. GVU Trojaner auf Win 7 Rechner. Bin gerade im Ausland unterwegs und brauche meinen Rechner dringend
    Log-Analyse und Auswertung - 29.01.2013 (10)
  8. Trojaner der meinen Rechner blockiert
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (5)
  9. GUV Trojaner 2.07 blockiert meinen Rechner
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (9)
  10. Suisa Virus blockiert meinen Windows 7 Rechner in jedem Modus meines Laptops
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (23)
  11. Polizei Screen blockiert meinen Laptop
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (23)
  12. BKA Virus Blockiert Rechner und verlangt freischaltung via 100 Euro U-Kash
    Plagegeister aller Art und deren Bekämpfung - 22.08.2011 (21)
  13. Bundestrojaner blockiert alles an meinen Rechner und verlangt 100 Euro
    Plagegeister aller Art und deren Bekämpfung - 07.08.2011 (26)
  14. XP Security 2012 blockiert meinen Computer
    Log-Analyse und Auswertung - 21.06.2011 (1)
  15. Zugriff auf meinen Rechner?!
    Log-Analyse und Auswertung - 26.03.2010 (8)
  16. qttask.exe blockiert meinen Rechner
    Plagegeister aller Art und deren Bekämpfung - 22.07.2007 (1)
  17. Ich brauche Hilfe! Virus/Worm ist auf meinen Rechner
    Plagegeister aller Art und deren Bekämpfung - 10.05.2006 (7)

Zum Thema 100€ Virus blockiert meinen Rechner (XP) - guten morgen liebe helfer, nun hat es also auch mich erwischt. konnte meinen rechner bis eben nicht im normalen modus starten ohne diese BKA vollbild meldung zu bekommen, die den - 100€ Virus blockiert meinen Rechner (XP)...
Archiv
Du betrachtest: 100€ Virus blockiert meinen Rechner (XP) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.