
Pests of all kinds and how to combat them: PC keeps freezing or restarting


17.05.2012, 07:26   #1
Mia2501
 
PC keeps freezing or restarting



Hello,

I really hope someone here can help me. If I'm posting in the wrong subforum, I'm sorry!

As already stated in the title, my problem is that my PC has been freezing constantly for about 1.5 weeks. When that happens, all I can do is press the power button and restart. Or, if I simply leave the computer in that state, it eventually restarts on its own.
I called a PC repair service, who advised me to run Combofix. After that he wanted to log in to my machine from his PC and fix the problem, but I didn't feel comfortable with that. I ran Combofix anyway, though; here is the log file:


Combofix log file:
Code:
ComboFix 12-05-16.02 - Kim 16.05.2012  21:44:07.4.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2047.1065 [GMT 2:00]
ausgeführt von:: h:\users\Kim\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-16 bis 2012-05-16  ))))))))))))))))))))))))))))))
.
.
2012-05-16 19:53 . 2012-05-16 19:55	--------	d-----w-	h:\users\Kim\AppData\Local\temp
2012-05-16 19:53 . 2012-05-16 19:53	--------	d-----w-	h:\users\Default\AppData\Local\temp
2012-05-16 18:46 . 2012-05-16 19:40	--------	d-----w-	h:\programdata\Spybot - Search & Destroy
2012-05-16 18:46 . 2012-05-16 18:46	--------	d-----w-	h:\program files\Spybot - Search & Destroy
2012-05-15 17:48 . 2012-05-15 17:48	97961	----a-w-	h:\windows\system32\drivers\klick.dat
2012-05-15 17:48 . 2012-05-15 17:48	115369	----a-w-	h:\windows\system32\drivers\klin.dat
2012-05-15 17:46 . 2012-05-16 19:54	--------	d-----w-	h:\programdata\Kaspersky Lab
2012-05-15 17:46 . 2012-05-15 17:46	--------	d-----w-	h:\program files\Kaspersky Lab
2012-05-15 14:39 . 2012-05-16 05:28	56200	----a-w-	h:\programdata\Microsoft\Windows Defender\Definition Updates\{659F96C5-6DCE-4C3B-8F6B-FAD60676C421}\offreg.dll
2012-05-15 14:24 . 2012-05-15 14:24	226	----a-w-	H:\user.js
2012-05-15 14:15 . 2012-05-15 14:15	49528	----a-w-	h:\windows\system32\drivers\PktIcpt.sys
2012-05-15 14:06 . 2012-05-15 14:06	50040	----a-w-	h:\windows\system32\drivers\HookCentre.sys
2012-05-15 14:06 . 2012-05-15 14:06	90744	----a-w-	h:\windows\system32\drivers\MiniIcpt.sys
2012-05-15 14:06 . 2012-05-15 14:06	41848	----a-w-	h:\windows\system32\drivers\GDBehave.sys
2012-05-15 14:06 . 2012-05-15 14:06	54648	----a-w-	h:\windows\system32\drivers\gdwfpcd32.sys
2012-05-15 14:05 . 2012-05-15 17:46	--------	d-----w-	h:\programdata\G DATA
2012-05-15 14:05 . 2012-05-15 17:46	--------	d-----w-	h:\program files\Common Files\G Data
2012-05-15 14:05 . 2012-05-15 14:05	--------	d-----w-	h:\program files\G Data
2012-05-15 14:04 . 2012-05-15 14:04	--------	d-----w-	h:\users\Kim\AppData\Local\Downloaded Installations
2012-05-15 10:56 . 2012-04-13 07:36	6734704	----a-w-	h:\programdata\Microsoft\Windows Defender\Definition Updates\{659F96C5-6DCE-4C3B-8F6B-FAD60676C421}\mpengine.dll
2012-05-09 19:21 . 2012-03-31 04:29	936960	----a-w-	h:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 19:21 . 2012-03-31 04:30	1221632	----a-w-	h:\program files\Windows Journal\NBDoc.DLL
2012-05-09 19:20 . 2012-03-31 04:29	989184	----a-w-	h:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 19:20 . 2012-03-31 04:29	969216	----a-w-	h:\program files\Windows Journal\JNWDRV.dll
2012-05-09 19:20 . 2012-03-30 10:23	1291632	----a-w-	h:\windows\system32\drivers\tcpip.sys
2012-05-09 19:20 . 2012-03-31 04:39	3968368	----a-w-	h:\windows\system32\ntkrnlpa.exe
2012-05-09 19:20 . 2012-03-31 04:39	3913072	----a-w-	h:\windows\system32\ntoskrnl.exe
2012-05-09 19:20 . 2012-03-31 02:36	2343424	----a-w-	h:\windows\system32\win32k.sys
2012-05-09 19:20 . 2012-03-17 07:27	56176	----a-w-	h:\windows\system32\drivers\partmgr.sys
2012-05-09 19:20 . 2012-03-03 05:31	1077248	----a-w-	h:\windows\system32\DWrite.dll
2012-05-05 22:21 . 2012-05-05 22:21	--------	d-----w-	h:\program files\ProtectDisc Driver Installer
2012-05-05 22:21 . 2012-05-05 22:21	--------	d-----w-	h:\users\Kim\AppData\Roaming\ProtectDisc
2012-05-05 22:12 . 2012-05-05 22:16	--------	d-----w-	h:\program files\15 Days
2012-04-24 12:20 . 2012-05-15 13:30	--------	d-----w-	h:\programdata\AVAST Software
2012-04-24 12:20 . 2012-05-02 12:40	--------	d-----w-	h:\program files\AVAST Software
2012-04-18 19:11 . 2012-05-09 21:20	--------	d-----w-	h:\users\Kim\AppData\Local\Spotify
2012-04-18 19:08 . 2012-05-16 18:19	--------	d-----w-	h:\users\Kim\AppData\Roaming\Spotify
2012-04-18 17:43 . 2012-04-18 17:43	--------	d-----w-	h:\program files\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 20:21 . 2012-03-31 07:03	419488	----a-w-	h:\windows\system32\FlashPlayerApp.exe
2012-05-10 20:21 . 2011-09-06 11:57	70304	----a-w-	h:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-12 14:13 . 2009-10-29 04:48	499712	----a-w-	h:\windows\system32\msvcp71.dll
2012-04-12 14:13 . 2009-10-29 04:48	348160	----a-w-	h:\windows\system32\msvcr71.dll
2012-03-01 05:46 . 2012-04-11 17:57	19824	----a-w-	h:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 17:57	172544	----a-w-	h:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 17:57	159232	----a-w-	h:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 17:57	5120	----a-w-	h:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-11 01:00	981504	----a-w-	h:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-11 01:00	1638912	----a-w-	h:\windows\system32\mshtml.tlb
2012-02-23 08:18 . 2009-11-20 19:43	237072	------w-	h:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 00:33	826880	----a-w-	h:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 00:33	183808	----a-w-	h:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 00:33	24576	----a-w-	h:\windows\system32\drivers\tdtcp.sys
2012-04-21 01:18 . 2012-05-15 13:08	97208	----a-w-	h:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="h:\users\Kim\AppData\Roaming\Spotify\Spotify.exe" [2012-04-18 4011184]
"Sidebar"="h:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="h:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"B2C_AGENT"="h:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CanonSolutionMenu"="h:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="h:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"DivXUpdate"="h:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="h:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-12 296056]
"AVP"="h:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\H:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=h:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=h:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\H:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=h:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=h:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	h:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36	2793304	----a-w-	h:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59	220552	----a-w-	h:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	h:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca6a2ec3046730;Google Update Service (gupdate1ca6a2ec3046730);h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 133104]
R2 SkypeUpdate;Skype Updater;h:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 androidusb;ADB Interface Driver;h:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 ewusbnet;HUAWEI USB-NDIS miniport;h:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 GDPkIcpt;GDPkIcpt;h:\windows\system32\drivers\PktIcpt.sys [2012-05-15 49528]
R3 gupdatem;Google Update-Dienst (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;h:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MozillaMaintenance;Mozilla Maintenance Service;h:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;h:\windows\system32\Wat\WatAdminSvc.exe [2010-09-13 1343400]
S0 GDBehave;GDBehave;h:\windows\system32\drivers\GDBehave.sys [2012-05-15 41848]
S0 sptd;sptd;h:\windows\System32\Drivers\sptd.sys [2010-11-22 691696]
S1 GDMnIcpt;GDMnIcpt;h:\windows\system32\drivers\MiniIcpt.sys [2012-05-15 90744]
S1 gdwfpcd;G Data WFP CD;h:\windows\system32\drivers\gdwfpcd32.sys [2012-05-15 54648]
S1 HookCentre;HookCentre;h:\windows\system32\drivers\HookCentre.sys [2012-05-15 50040]
S1 kl2;kl2;h:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;h:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 acedrv11;acedrv11;h:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AdobeARMservice;Adobe Acrobat Update Service;h:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 klmouflt;Kaspersky Lab KLMOUFLT;h:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-16 h:\windows\Tasks\Adobe Flash Player Updater.job
- h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:21]
.
2012-05-16 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 22:13]
.
2012-05-16 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 22:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Hinzufügen zu Anti-Banner - h:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - h:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{14ED8FDB-1A29-4EF7-98F7-579FCD1ADA4D}: NameServer = 212.23.115.148 212.23.97.3
TCP: Interfaces\{697A8CBB-599D-4462-A392-754B18E307B5}: NameServer = 212.23.115.148 212.23.97.3
TCP: Interfaces\{EF44B8B0-61D3-4614-B5CF-95B8CFA6D121}: NameServer = 212.23.115.148 212.23.97.3
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5764)
h:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
h:\windows\system32\nvvsvc.exe
h:\program files\NVIDIA Corporation\Display\NvXDSync.exe
h:\windows\system32\nvvsvc.exe
h:\program files\Canon\IJPLM\IJPLMSVC.EXE
h:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
h:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
h:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
h:\windows\system32\WUDFHost.exe
h:\windows\system32\taskhost.exe
h:\windows\system32\conhost.exe
h:\windows\system32\sppsvc.exe
h:\program files\Windows Media Player\wmpnetwk.exe
h:\\?\h:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-16  21:59:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-16 19:59
ComboFix2.txt  2012-05-16 05:42
ComboFix3.txt  2012-05-15 16:52
.
Vor Suchlauf: 20 Verzeichnis(se), 86.683.181.056 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 86.627.614.720 Bytes frei
.
- - End Of File - - DFC066B4A6FBA304EAD2651326BA563A
         
--- --- ---



It would be really great if someone could help me!

I just read in the guide that you need more information. So:



DDS log file:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.2.1
Run by Kim at 9:01:02 on 2012-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2047.1108 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
H:\Windows\system32\wininit.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\svchost.exe -k DcomLaunch
H:\Windows\system32\nvvsvc.exe
H:\Windows\system32\svchost.exe -k RPCSS
H:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
H:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
H:\Windows\system32\svchost.exe -k netsvcs
H:\Windows\system32\svchost.exe -k LocalService
H:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
H:\Windows\system32\nvvsvc.exe
H:\Windows\system32\svchost.exe -k NetworkService
H:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
H:\Windows\System32\spoolsv.exe
H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
H:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
H:\Windows\system32\svchost.exe -k imgsvc
H:\Windows\System32\svchost.exe -k secsvcs
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
H:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
H:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
H:\Windows\system32\taskhost.exe
H:\Windows\system32\taskeng.exe
H:\Windows\system32\WUDFHost.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Windows\system32\taskeng.exe
H:\Program Files\Microsoft IntelliPoint\ipoint.exe
H:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\Program Files\DivX\DivX Update\DivXUpdate.exe
H:\Program Files\Real\RealPlayer\Update\realsched.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Windows\system32\SearchIndexer.exe
H:\Windows\system32\SearchProtocolHost.exe
H:\Windows\system32\SearchFilterHost.exe
H:\Program Files\Windows Media Player\wmpnetwk.exe
H:\Windows\System32\svchost.exe -k LocalServicePeerNet
H:\Windows\system32\taskhost.exe
H:\Windows\system32\sppsvc.exe
H:\Windows\system32\conhost.exe
H:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - h:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - h:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - h:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - h:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
uRun: [Spotify] "h:\users\kim\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [SpybotSD TeaTimer] h:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] h:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IntelliPoint] "h:\program files\microsoft intellipoint\ipoint.exe"
mRun: [B2C_AGENT] h:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SunJavaUpdateSched] "h:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "h:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "h:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVP] "h:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
StartupFolder: h:\progra~3\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - h:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Hinzufügen zu Anti-Banner - h:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - h:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - h:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - h:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{14ED8FDB-1A29-4EF7-98F7-579FCD1ADA4D} : NameServer = 212.23.115.148 212.23.97.3
TCP: Interfaces\{34B85B4A-5399-4815-8722-3E180644F2E5} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{697A8CBB-599D-4462-A392-754B18E307B5} : NameServer = 212.23.115.148 212.23.97.3
TCP: Interfaces\{BA1392CB-05F0-44A0-9DC1-F7B817291529} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E898F43E-F623-410F-90D3-5D6EBCBE3DF7} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{EF44B8B0-61D3-4614-B5CF-95B8CFA6D121} : NameServer = 212.23.115.148 212.23.97.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - h:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: klogon - h:\windows\system32\klogon.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;h:\windows\system32\drivers\GDBehave.sys [2012-5-15 41848]
R1 GDMnIcpt;GDMnIcpt;h:\windows\system32\drivers\MiniIcpt.sys [2012-5-15 90744]
R1 gdwfpcd;G Data WFP CD;h:\windows\system32\drivers\gdwfpcd32.sys [2012-5-15 54648]
R1 HookCentre;HookCentre;h:\windows\system32\drivers\HookCentre.sys [2012-5-15 50040]
R1 kl2;kl2;h:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;h:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 acedrv11;acedrv11;h:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R2 AdobeARMservice;Adobe Acrobat Update Service;h:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVP;Kaspersky Anti-Virus Service;h:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 SBSDWSCService;SBSD Security Center Service;h:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-16 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 klmouflt;Kaspersky Lab KLMOUFLT;h:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca6a2ec3046730;Google Update Service (gupdate1ca6a2ec3046730);h:\program files\google\update\GoogleUpdate.exe [2009-11-21 133104]
S2 SkypeUpdate;Skype Updater;h:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 androidusb;ADB Interface Driver;h:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;h:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;h:\windows\system32\drivers\ewusbnet.sys [2012-3-29 201168]
S3 GDPkIcpt;GDPkIcpt;h:\windows\system32\drivers\PktIcpt.sys [2012-5-15 49528]
S3 gupdatem;Google Update-Dienst (gupdatem);h:\program files\google\update\GoogleUpdate.exe [2009-11-21 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;h:\windows\system32\drivers\ewusbdev.sys [2012-3-29 101120]
S3 MozillaMaintenance;Mozilla Maintenance Service;h:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 129976]
S3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\TsUsbFlt.sys [2011-4-14 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;h:\windows\system32\wat\WatAdminSvc.exe [2010-9-13 1343400]
.
=============== Created Last 30 ================
.
2012-05-16 19:59:16	--------	d-sh--w-	H:\$RECYCLE.BIN
2012-05-16 19:53:45	--------	d-----w-	h:\users\kim\appdata\local\temp
2012-05-16 19:42:36	--------	d-----w-	H:\ComboFix
2012-05-16 18:46:31	--------	d-----w-	h:\programdata\Spybot - Search & Destroy
2012-05-16 18:46:31	--------	d-----w-	h:\program files\Spybot - Search & Destroy
2012-05-15 17:48:05	97961	----a-w-	h:\windows\system32\drivers\klick.dat
2012-05-15 17:48:05	115369	----a-w-	h:\windows\system32\drivers\klin.dat
2012-05-15 17:46:45	--------	d-----w-	h:\programdata\Kaspersky Lab
2012-05-15 17:46:45	--------	d-----w-	h:\program files\Kaspersky Lab
2012-05-15 14:39:58	56200	----a-w-	h:\programdata\microsoft\windows defender\definition updates\{659f96c5-6dce-4c3b-8f6b-fad60676c421}\offreg.dll
2012-05-15 14:35:35	98816	----a-w-	h:\windows\sed.exe
2012-05-15 14:35:35	518144	----a-w-	h:\windows\SWREG.exe
2012-05-15 14:35:35	256000	----a-w-	h:\windows\PEV.exe
2012-05-15 14:35:35	208896	----a-w-	h:\windows\MBR.exe
2012-05-15 14:15:56	49528	----a-w-	h:\windows\system32\drivers\PktIcpt.sys
2012-05-15 14:06:04	50040	----a-w-	h:\windows\system32\drivers\HookCentre.sys
2012-05-15 14:06:03	90744	----a-w-	h:\windows\system32\drivers\MiniIcpt.sys
2012-05-15 14:06:02	41848	----a-w-	h:\windows\system32\drivers\GDBehave.sys
2012-05-15 14:06:00	54648	----a-w-	h:\windows\system32\drivers\gdwfpcd32.sys
2012-05-15 14:05:23	--------	d-----w-	h:\programdata\G DATA
2012-05-15 14:05:23	--------	d-----w-	h:\program files\G Data
2012-05-15 14:05:23	--------	d-----w-	h:\program files\common files\G Data
2012-05-15 14:04:33	--------	d-----w-	h:\users\kim\appdata\local\Downloaded Installations
2012-05-15 10:56:13	6734704	----a-w-	h:\programdata\microsoft\windows defender\definition updates\{659f96c5-6dce-4c3b-8f6b-fad60676c421}\mpengine.dll
2012-05-09 19:21:03	936960	----a-w-	h:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 19:21:00	1221632	----a-w-	h:\program files\windows journal\NBDoc.DLL
2012-05-09 19:20:58	989184	----a-w-	h:\program files\windows journal\JNTFiltr.dll
2012-05-09 19:20:58	969216	----a-w-	h:\program files\windows journal\JNWDRV.dll
2012-05-09 19:20:53	1291632	----a-w-	h:\windows\system32\drivers\tcpip.sys
2012-05-09 19:20:23	3968368	----a-w-	h:\windows\system32\ntkrnlpa.exe
2012-05-09 19:20:21	3913072	----a-w-	h:\windows\system32\ntoskrnl.exe
2012-05-09 19:20:21	2343424	----a-w-	h:\windows\system32\win32k.sys
2012-05-09 19:20:19	56176	----a-w-	h:\windows\system32\drivers\partmgr.sys
2012-05-09 19:20:10	1077248	----a-w-	h:\windows\system32\DWrite.dll
2012-05-05 22:21:49	--------	d-----w-	h:\program files\ProtectDisc Driver Installer
2012-05-05 22:21:45	--------	d-----w-	h:\users\kim\appdata\roaming\ProtectDisc
2012-05-05 22:12:29	--------	d-----w-	h:\program files\15 Days
2012-04-24 12:20:41	--------	d-----w-	h:\programdata\AVAST Software
2012-04-24 12:20:41	--------	d-----w-	h:\program files\AVAST Software
2012-04-18 19:11:27	--------	d-----w-	h:\users\kim\appdata\local\Spotify
2012-04-18 19:08:24	--------	d-----w-	h:\users\kim\appdata\roaming\Spotify
2012-04-18 17:43:32	--------	d-----w-	h:\program files\Microsoft
.
==================== Find3M  ====================
.
2012-05-10 20:21:06	70304	----a-w-	h:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 20:21:06	419488	----a-w-	h:\windows\system32\FlashPlayerApp.exe
2012-04-12 14:13:09	499712	----a-w-	h:\windows\system32\msvcp71.dll
2012-04-12 14:13:09	348160	----a-w-	h:\windows\system32\msvcr71.dll
2012-03-01 05:46:57	19824	----a-w-	h:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41	172544	----a-w-	h:\windows\system32\wintrust.dll
2012-03-01 05:33:23	159232	----a-w-	h:\windows\system32\imagehlp.dll
2012-03-01 05:29:16	5120	----a-w-	h:\windows\system32\wmi.dll
2012-02-28 05:38:52	981504	----a-w-	h:\windows\system32\wininet.dll
2012-02-28 03:52:27	1638912	----a-w-	h:\windows\system32\mshtml.tlb
2012-02-23 08:18:36	237072	------w-	h:\windows\system32\MpSigStub.exe
.
============= FINISH:  9:03:08,98 ===============
         
[/CODE]
--- --- ---



ATTACH:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20.11.2009 20:29:14
System Uptime: 17.05.2012 08:58:08 (1 hours ago)
.
Motherboard: BIOSTAR Group | | GF7025-M2 TE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
D: is CDROM ()
F: is Removable
G: is Removable
H: is FIXED (NTFS) - 149 GiB total, 80,819 GiB free.
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: ECP-Druckeranschluss
Device ID: ACPI\PNP0401\1
Manufacturer: (Standardanschlusstypen)
Name: ECP-Druckeranschluss (LPT1)
PNP Device ID: ACPI\PNP0401\1
Service: Parport
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Kommunikationsanschluss
Device ID: ACPI\PNP0501\1
Manufacturer: (Standardanschlusstypen)
Name: Kommunikationsanschluss (COM5)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
Class GUID: {4d36e969-e325-11ce-bfc1-08002be10318}
Description: Standard-Diskettenlaufwerkcontroller
Device ID: ACPI\PNP0700\4&36BE2ADB&0
Manufacturer: (Standard-Diskettenlaufwerkcontroller)
Name: Standard-Diskettenlaufwerkcontroller
PNP Device ID: ACPI\PNP0700\4&36BE2ADB&0
Service: fdc
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Parvdm
Device ID: ROOT\LEGACY_PARVDM\0000
Manufacturer:
Name: Parvdm
PNP Device ID: ROOT\LEGACY_PARVDM\0000
Service: Parvdm
.
==== System Restore Points ===================
.
RP379: 06.05.2012 00:17:28 - DirectX wurde installiert
RP380: 09.05.2012 02:12:02 - Windows Update
RP381: 09.05.2012 23:24:05 - Windows Update
RP382: 15.05.2012 12:55:37 - Windows Update
RP383: 15.05.2012 14:56:06 - Wiederherstellungsvorgang
RP384: 15.05.2012 15:28:03 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
15 Days
AC3Filter (remove only)
AC3Filter 1.63b
Ace DivX Player
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.6
Amazon MP3-Downloader 1.0.9
Android SDK Tools
Apple Application Support
Apple Software Update
Canon iP3600 series Benutzerregistrierung
Canon iP3600 series Printer Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CanoScan Toolbox Ver4.5
CCleaner
ContentSAFER for Wizmax
D3DX10
DivX-Setup
DivX Plus DirectShow Filters
Dropbox
Facebook Plug-In
Google Chrome
Google Update Helper
Inkjet Printer/Scanner Extended Survey Program
IsoBuster 2.8
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 2
Java(TM) SE Development Kit 7 Update 2
JavaFX 2.0.2
JavaFX 2.0.2 SDK
JDownloader
Kaspersky Internet Security 2012
Lame ACM MP3 Codec
LG SP USB Driver
LG USB Modem Driver
Logitech Vid HD
Logitech Webcam Software
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Partner
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Treiber 260.99
NVIDIA Grafiktreiber 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 260.99
OpenEtna WinFlasher
PDF24 Creator 3.0.0
Power MP3 WMA Converter 2006, (ver 3.42)
ProtectDisc Driver, Version 11
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
SamsungMediaStudio
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
Spotify
Spybot - Search & Destroy
Sweet Home 3D version 3.4
swMSM
TubeBox!
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR
XviD MPEG-4 Video Codec
Yahoo! Detect
Yontoo Layers Runtime 1.10.01
.
==== End Of File ===========================




GMER:


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-17 08:53:56
Windows 6.1.7601 Service Pack 1 
Running: ruptkvow.exe; Driver: H:\Users\Kim\AppData\Local\Temp\uwldqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwAdjustPrivilegesToken [0x8F03F28A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwAlpcConnectPort [0x8F059342]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwAlpcCreatePort [0x8F059678]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwAlpcSendWaitReceivePort [0x8F0599EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwClose [0x8F03FD04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwConnectPort [0x8F05902A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateEvent [0x8F040276]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateMutant [0x8F040164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreatePort [0x8F0594E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateSection [0x8F03F046]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateSemaphore [0x8F04038E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateThread [0x8F03F8BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateThreadEx [0x8F03FA2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateUserProcess [0x8F0404A6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwCreateWaitablePort [0x8F0595B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwDebugActiveProcess [0x8F04074E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwDeviceIoControlFile [0x8F03FD46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwDuplicateObject [0x8F041750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwLoadDriver [0x8F040840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwMapViewOfSection [0x8F040DAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwNotifyChangeKey [0x8F057840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwOpenEvent [0x8F040308]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwOpenMutant [0x8F0401F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwOpenProcess [0x8F03F4C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwOpenSection [0x8F040B90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwOpenSemaphore [0x8F040420]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwOpenThread [0x8F03F3B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwQueryDirectoryObject [0x8F04055C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwQueryObject [0x8F057A38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwQuerySection [0x8F0410D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwQueueApcThread [0x8F0409E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwReplyPort [0x8F0597DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwReplyWaitReceivePort [0x8F05972A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwRequestWaitReplyPort [0x8F059848]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwResumeThread [0x8F0415F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSecureConnectPort [0x8F0591B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSetContextThread [0x8F03FBA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSetInformationToken [0x8F0405FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSetSystemInformation [0x8F041222]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSuspendProcess [0x8F041316]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSuspendThread [0x8F041450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwSystemDebugControl [0x8F040670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwTerminateProcess [0x8F03F664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwTerminateThread [0x8F03F5BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwUnmapViewOfSection [0x8F040F8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                ZwWriteVirtualMemory [0x8F03F750]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                            82C473C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C80D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                                 82C87D8C 4 Bytes  [8A, F2, 03, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                 82C87DB4 8 Bytes  [42, 93, 05, 8F, 78, 96, 05, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                                 82C87DF8 4 Bytes  [EE, 99, 05, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                                 82C87E24 4 Bytes  [04, FD, 03, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                                 82C87E48 4 Bytes  [2A, 90, 05, 8F]
.text           ...                                                                                                                 
?               System32\Drivers\spms.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               8F739DB9 5 Bytes  JMP 866F61D8 
.text           aosr2g5w.SYS                                                                                                        91301000 12 Bytes  [44, 08, 02, 83, EE, 06, 02, ...] {INC ESP; OR [EDX], AL; SUB ESI, 0x6; ADD AL, [EBX-0x7cfe1860]}
.text           aosr2g5w.SYS                                                                                                        9130100D 9 Bytes  [E7, 01, 83, 48, 0B, 02, 83, ...] {OUT 0x1, EAX; OR DWORD [EAX+0xb], 0x2; ADD DWORD [EAX], 0x0}
.text           aosr2g5w.SYS                                                                                                        91301017 170 Bytes  [00, DE, 27, F3, 83, E6, 25, ...]
.text           aosr2g5w.SYS                                                                                                        913010C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           aosr2g5w.SYS                                                                                                        913010CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 
.reloc          H:\Windows\system32\drivers\acedrv11.sys                                                                            section is executable [0x9C094300, 0x25D4C, 0xE0000060]
.text           H:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x9C0BB300, 0x3B6D8, 0xE8000020]
.text           H:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0x9C0FE300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

?               H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] H:\Windows\SYSTEM32\ntdll.dll         time/date stamp mismatch; 
.text           H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] ntdll.dll!NtProtectVirtualMemory      77BF5F18 5 Bytes  JMP 6AC91765 H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?               H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] H:\Windows\system32\kernel32.dll      time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1808] USER32.dll!NotifyWinEvent + 6AE       779BD66C 4 Bytes  [E0, 13, 54, 67]
?               H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] H:\Windows\SYSTEM32\ntdll.dll         time/date stamp mismatch; 
.text           H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] ntdll.dll!NtProtectVirtualMemory      77BF5F18 5 Bytes  JMP 6AC91765 H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?               H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] H:\Windows\system32\kernel32.dll      time/date stamp mismatch; unknown module: KERNELBASE.dll
.text           H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1952] USER32.dll!NotifyWinEvent + 6AE       779BD66C 4 Bytes  [E0, 13, 54, 67]
.text           H:\Program Files\Mozilla Firefox\firefox.exe[3736] ntdll.dll!LdrLoadDll                                             77C1223E 5 Bytes  JMP 66A2C930 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           H:\Program Files\Mozilla Firefox\firefox.exe[3736] kernel32.dll!MapViewOfFile                                       765993DB 5 Bytes  JMP 66C5E083 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           H:\Program Files\Mozilla Firefox\firefox.exe[3736] kernel32.dll!VirtualAlloc                                        7659C43A 5 Bytes  JMP 66C5E0AA H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           H:\Program Files\Mozilla Firefox\firefox.exe[3736] USER32.dll!SetWindowLongA                                        779A8BA3 5 Bytes  JMP 66DB5C85 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           H:\Program Files\Mozilla Firefox\firefox.exe[3736] USER32.dll!SetWindowLongW                                        779B4449 5 Bytes  JMP 66DB5C25 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           H:\Program Files\Mozilla Firefox\firefox.exe[3736] GDI32.dll!CreateDIBSection                                       767E8850 5 Bytes  JMP 66C5E00D H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           H:\Program Files\Real\RealPlayer\Update\realsched.exe[4040] kernel32.dll!SetUnhandledExceptionFilter                7659F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              861281F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    8670B500
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    866431F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                    8670B500
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    866431F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\USBSTOR \Device\00000070                                                                                    8655D1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              861241F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000071                                                                                    8655D1F8
Device          \Driver\PCI_PNP1264 \Device\00000058                                                                                spms.sys
Device          \Driver\USBSTOR \Device\00000072                                                                                    8655D1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              861241F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        865553E0
Device          \Driver\sptd \Device\1148035264                                                                                     spms.sys
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                         861261F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  861261F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  861261F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  861261F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  861261F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7                                                                         861261F8
Device          \Driver\USBSTOR \Device\00000073                                                                                    8655D1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              861241F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              861241F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              861241F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8670C1F8
Device          \Driver\ACPI_HAL \Device\0000004e                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                           kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                    8670B500
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    866431F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                    8670B500
Device          \Driver\USBSTOR \Device\0000006f                                                                                    8655D1F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    866431F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{BA1392CB-05F0-44A0-9DC1-F7B817291529}                                            8670C1F8
Device          \Driver\aosr2g5w \Device\Scsi\aosr2g5w1                                                                             86889500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 H:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x56 0x1D 0x62 0x76 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x41 0xDA 0x93 0xFD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xB8 0x8F 0x90 0x82 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xC3 0x0E 0x7B 0x22 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x8E 0x01 0xA9 0xB1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                0xE4 0x92 0x50 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     H:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x56 0x1D 0x62 0x76 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x41 0xDA 0x93 0xFD ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xB8 0x8F 0x90 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xC3 0x0E 0x7B 0x22 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0x8E 0x01 0xA9 0xB1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                    0xE4 0x92 0x50 0xD4 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Is nobody here who can help??

Edited by Mia2501 (17.05.2012 at 08:10)

17.05.2012, 19:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Combofix is really not a toy; you use it only in a targeted way for fighting malware, and not just because the computer crashes every now and then. That great repair service gave you a pretty nonsensical tip.

Quote:
As already written in the title, my problem is that my PC has been freezing constantly for about 1.5 weeks.
That definitely raises the question of what you changed on the system 1.5 weeks ago.

17.05.2012, 19:59   #3
Mia2501



Hm, actually I didn't change anything at all. The only thing that comes to mind is that I previously had Avira installed, which annoyed me because those advertising windows kept popping up. So I uninstalled Avira and installed Avast instead. There was no other change.

17.05.2012, 21:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


18.05.2012, 11:41   #5
Mia2501



OK, I have run Malwarebytes, here is the result:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Kim :: KIM-PC [Administrator]

18.05.2012 08:32:23
mbam-log-2012-05-18 (08-32-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392022
Laufzeit: 2 Stunde(n), 48 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)



(Ende)
         

I will run ESET now then.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d532c0e386097d448ccd9c3b5d7fbcb3
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-18 10:48:16
# local_time=2012-05-18 12:48:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 234050 234050 0 0
# compatibility_mode=1797 16774142 0 1 2071948 2071948 0 0
# compatibility_mode=4096 16777215 100 0 247332 247332 0 0
# compatibility_mode=5893 16776573 100 94 15847 88969246 0 0
# compatibility_mode=8192 67108863 100 0 124 124 0 0
# scanned=2449
# found=0
# cleaned=0
# scan_time=41
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d532c0e386097d448ccd9c3b5d7fbcb3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-18 01:36:06
# local_time=2012-05-18 03:36:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=1280 16777215 100 0 234215 234215 0 0
# compatibility_mode=1797 16774142 0 1 2072113 2072113 0 0
# compatibility_mode=4096 16777215 100 0 247497 247497 0 0
# compatibility_mode=5893 16776573 100 94 16012 88969411 0 0
# compatibility_mode=8192 67108863 100 0 289 289 0 0
# scanned=217818
# found=7
# cleaned=0
# scan_time=9945
H:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
H:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll	a variant of Win32/Adware.Yontoo.A application (unable to clean)	00000000000000000000000000000000	I
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
H:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
H:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
H:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
H:\Users\Kim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3f5641c8-478e2589	a variant of Java/TrojanDownloader.Agent.NBK trojan (unable to clean)	00000000000000000000000000000000	I
         


19.05.2012, 12:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please make a new OTL log. Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick "Scan all users"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

20.05.2012, 07:30   #7
Mia2501



So, here now is the log from OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.05.2012 00:42:32 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = H:\Users\Kim\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,54% Memory free
4,00 Gb Paging File | 2,44 Gb Available in Paging File | 61,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files
Drive H: | 149,04 Gb Total Space | 78,32 Gb Free Space | 52,55% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.19 13:09:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- H:\Users\Kim\Desktop\OTL.exe
PRC - [2012.04.12 16:13:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- H:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe
PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- H:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.07 03:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- H:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- H:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () -- H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2006.11.03 10:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- H:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- H:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- H:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.05.10 22:21:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.13 03:00:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- H:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2006.11.03 10:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Users\Kim\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.05.15 19:46:05 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- H:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.05.15 16:15:56 | 000,049,528 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012.05.15 16:06:04 | 000,050,040 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- H:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012.05.15 16:06:03 | 000,090,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- H:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012.05.15 16:06:02 | 000,041,848 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- H:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012.05.15 16:06:00 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- H:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- H:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- H:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- H:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.22 21:59:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- H:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.10.22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.23 04:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.04.29 06:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.01.21 02:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 02:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 02:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.11.21 15:32:19 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- H:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.21 15:32:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- H:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- H:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- H:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Communicate Deluxe(UVC)
DRV - [2009.10.07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- H:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- H:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 D0 F6 45 5B E3 CC 01  [binary data]
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=0000000000000000000000e04d90463e
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\..\SearchScopes\{BD533A92-0047-4F5B-923B-BA254078338C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..network.proxy.http: "190.144.13.66"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: H:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: H:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: H:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: H:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: H:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: H:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: H:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: H:\Users\Kim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: H:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.10 14:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.12 16:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: H:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.05.15 20:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.15 20:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.05.15 20:16:42 | 000,000,000 | ---D | M]
 
[2009.11.20 23:36:32 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kim\AppData\Roaming\mozilla\Extensions
[2012.05.16 21:13:01 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\z8qnyrk8.default\extensions
[2012.02.23 00:06:35 | 000,000,000 | ---D | M] (Default Manager) -- H:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\z8qnyrk8.default\extensions\DefaultManager@Microsoft
[2012.03.16 08:28:53 | 000,000,000 | ---D | M] (Ghostery) -- H:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\z8qnyrk8.default\extensions\firefox@ghostery.com
[2011.11.08 19:00:50 | 000,000,933 | ---- | M] () -- H:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\z8qnyrk8.default\searchplugins\11-suche.xml
[2011.11.08 19:00:51 | 000,002,419 | ---- | M] () -- H:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\z8qnyrk8.default\searchplugins\englische-ergebnisse.xml
[2011.11.08 19:00:50 | 000,010,525 | ---- | M] () -- H:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\z8qnyrk8.default\searchplugins\gmx-suche.xml
[2011.11.08 19:00:50 | 000,002,457 | ---- | M] () -- H:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\z8qnyrk8.default\searchplugins\lastminute.xml
[2011.11.08 19:00:50 | 000,005,508 | ---- | M] () -- H:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\z8qnyrk8.default\searchplugins\webde-suche.xml
[2012.05.15 15:08:14 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions
[2012.04.15 09:17:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.12 16:13:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- H:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.01.06 18:42:17 | 000,634,964 | ---- | M] () (No name found) -- H:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8QNYRK8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.04 17:44:19 | 000,006,850 | ---- | M] () (No name found) -- H:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8QNYRK8.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI
[2012.05.10 22:21:11 | 000,181,880 | ---- | M] () (No name found) -- H:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8QNYRK8.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.19 11:08:26 | 000,576,958 | ---- | M] () (No name found) -- H:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8QNYRK8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = H:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = H:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = H:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = H:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = H:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = H:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = H:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = H:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = H:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = H:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = H:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Plugin (Enabled) = H:\Users\Kim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = H:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = h:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = H:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = H:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.05.16 21:55:18 | 000,000,027 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [B2C_AGENT] H:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] H:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001..\Run: [Spotify] H:\Users\Kim\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2133463132-3504074589-1982563124-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://H:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14ED8FDB-1A29-4EF7-98F7-579FCD1ADA4D}: NameServer = 212.23.115.148 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B85B4A-5399-4815-8722-3E180644F2E5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697A8CBB-599D-4462-A392-754B18E307B5}: NameServer = 212.23.115.148 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA1392CB-05F0-44A0-9DC1-F7B817291529}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E898F43E-F623-410F-90D3-5D6EBCBE3DF7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF44B8B0-61D3-4614-B5CF-95B8CFA6D121}: NameServer = 212.23.115.148 212.23.97.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (H:\Windows\system32\klogon.dll) - H:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - H:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: H:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - H:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: H:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk -  - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - H:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - H:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: PDFPrint - hkey= - key= - H:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - H:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - H:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - H:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - H:\Windows\system32\Rundll32.exe H:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - H:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\Windows\System32\rundll32.exe" "H:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - H:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - H:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - H:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo - H:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - H:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - H:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - H:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - H:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - H:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - H:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - H:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - H:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.19 13:09:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- H:\Users\Kim\Desktop\OTL.exe
[2012.05.18 12:45:31 | 000,000,000 | ---D | C] -- H:\Program Files\ESET
[2012.05.18 12:44:57 | 002,322,184 | ---- | C] (ESET) -- H:\Users\Kim\Desktop\esetsmartinstaller_enu.exe
[2012.05.18 08:30:54 | 000,000,000 | ---D | C] -- H:\Users\Kim\AppData\Roaming\Malwarebytes
[2012.05.18 08:30:47 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.18 08:30:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- H:\Windows\System32\drivers\mbam.sys
[2012.05.18 08:29:49 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- H:\Users\Kim\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.17 09:00:15 | 000,607,260 | R--- | C] (Swearware) -- H:\Users\Kim\Desktop\dds.com
[2012.05.16 21:59:16 | 000,000,000 | -HSD | C] -- H:\$RECYCLE.BIN
[2012.05.16 21:53:45 | 000,000,000 | ---D | C] -- H:\Users\Kim\AppData\Local\temp
[2012.05.16 21:42:36 | 000,000,000 | ---D | C] -- H:\ComboFix
[2012.05.16 20:46:34 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.16 20:46:31 | 000,000,000 | ---D | C] -- H:\ProgramData\Spybot - Search & Destroy
[2012.05.16 20:46:31 | 000,000,000 | ---D | C] -- H:\Program Files\Spybot - Search & Destroy
[2012.05.15 19:47:59 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.05.15 19:46:45 | 000,000,000 | ---D | C] -- H:\ProgramData\Kaspersky Lab
[2012.05.15 19:46:45 | 000,000,000 | ---D | C] -- H:\Program Files\Kaspersky Lab
[2012.05.15 19:46:05 | 000,570,160 | ---- | C] (Kaspersky Lab) -- H:\Windows\System32\drivers\klif.sys
[2012.05.15 16:35:35 | 000,518,144 | ---- | C] (SteelWerX) -- H:\Windows\SWREG.exe
[2012.05.15 16:35:35 | 000,406,528 | ---- | C] (SteelWerX) -- H:\Windows\SWSC.exe
[2012.05.15 16:35:35 | 000,060,416 | ---- | C] (NirSoft) -- H:\Windows\NIRCMD.exe
[2012.05.15 16:35:29 | 000,000,000 | ---D | C] -- H:\Windows\ERDNT
[2012.05.15 16:35:25 | 000,000,000 | ---D | C] -- H:\Qoobox
[2012.05.15 16:34:44 | 004,495,010 | R--- | C] (Swearware) -- H:\Users\Kim\Desktop\ComboFix.exe
[2012.05.15 16:15:56 | 000,049,528 | ---- | C] (G Data Software AG) -- H:\Windows\System32\drivers\PktIcpt.sys
[2012.05.15 16:06:04 | 000,050,040 | ---- | C] (G Data Software AG) -- H:\Windows\System32\drivers\HookCentre.sys
[2012.05.15 16:06:03 | 000,090,744 | ---- | C] (G Data Software AG) -- H:\Windows\System32\drivers\MiniIcpt.sys
[2012.05.15 16:06:02 | 000,041,848 | ---- | C] (G Data Software AG) -- H:\Windows\System32\drivers\GDBehave.sys
[2012.05.15 16:06:00 | 000,054,648 | ---- | C] (G Data Software AG) -- H:\Windows\System32\drivers\gdwfpcd32.sys
[2012.05.15 16:05:23 | 000,000,000 | ---D | C] -- H:\ProgramData\G DATA
[2012.05.15 16:05:23 | 000,000,000 | ---D | C] -- H:\Program Files\G Data
[2012.05.15 16:05:23 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\G Data
[2012.05.15 16:04:33 | 000,000,000 | ---D | C] -- H:\Users\Kim\AppData\Local\Downloaded Installations
[2012.05.15 15:48:54 | 370,866,960 | ---- | C] (G Data Software AG) -- H:\Users\Kim\Desktop\GER_R_FUL_2013_IS.exe
[2012.05.15 15:08:19 | 000,000,000 | ---D | C] -- H:\Program Files\Mozilla Maintenance Service
[2012.05.06 00:21:54 | 000,000,000 | ---D | C] -- H:\Users\Kim\Documents\15 Days Savegames
[2012.05.06 00:21:49 | 000,000,000 | ---D | C] -- H:\Program Files\ProtectDisc Driver Installer
[2012.05.06 00:21:45 | 000,000,000 | ---D | C] -- H:\Users\Kim\AppData\Roaming\ProtectDisc
[2012.05.06 00:16:40 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\15 Days
[2012.05.06 00:12:29 | 000,000,000 | ---D | C] -- H:\Program Files\15 Days
[2012.05.02 13:56:32 | 000,000,000 | ---D | C] -- H:\ProgramData\Mozilla
[2012.04.24 14:20:41 | 000,000,000 | ---D | C] -- H:\ProgramData\AVAST Software
[2012.04.24 14:20:41 | 000,000,000 | ---D | C] -- H:\Program Files\AVAST Software
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.20 00:21:01 | 000,001,098 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.20 00:04:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.19 13:09:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- H:\Users\Kim\Desktop\OTL.exe
[2012.05.19 08:09:51 | 000,013,440 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.19 08:09:51 | 000,013,440 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.19 08:08:20 | 000,653,928 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2012.05.19 08:08:20 | 000,615,810 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2012.05.19 08:08:20 | 000,129,800 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2012.05.19 08:08:20 | 000,106,190 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2012.05.19 08:03:09 | 000,001,094 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.19 08:02:41 | 000,000,000 | ---- | M] () -- H:\Windows\System32\drivers\lvuvc.hs
[2012.05.19 08:02:39 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2012.05.19 08:02:32 | 1609,474,048 | -HS- | M] () -- H:\hiberfil.sys
[2012.05.18 12:45:08 | 002,322,184 | ---- | M] (ESET) -- H:\Users\Kim\Desktop\esetsmartinstaller_enu.exe
[2012.05.18 08:30:47 | 000,001,071 | ---- | M] () -- H:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.18 08:29:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- H:\Users\Kim\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.17 09:00:19 | 000,607,260 | R--- | M] (Swearware) -- H:\Users\Kim\Desktop\dds.com
[2012.05.17 08:57:05 | 000,000,020 | ---- | M] () -- H:\Users\Kim\defogger_reenable
[2012.05.17 08:55:24 | 000,050,477 | ---- | M] () -- H:\Users\Kim\Desktop\Defogger.exe
[2012.05.17 08:44:35 | 000,302,592 | ---- | M] () -- H:\Users\Kim\Desktop\ruptkvow.exe
[2012.05.16 21:55:18 | 000,000,027 | ---- | M] () -- H:\Windows\System32\drivers\etc\hosts
[2012.05.16 21:42:14 | 004,495,010 | R--- | M] (Swearware) -- H:\Users\Kim\Desktop\ComboFix.exe
[2012.05.16 21:11:43 | 000,006,904 | ---- | M] () -- H:\Users\Kim\Documents\cc_20120516_211140.reg
[2012.05.16 20:46:34 | 000,001,220 | ---- | M] () -- H:\Users\Kim\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 19:49:45 | 000,017,408 | ---- | M] () -- H:\Users\Kim\AppData\Local\WebpageIcons.db
[2012.05.15 19:48:05 | 000,115,369 | ---- | M] () -- H:\Windows\System32\drivers\klin.dat
[2012.05.15 19:48:05 | 000,097,961 | ---- | M] () -- H:\Windows\System32\drivers\klick.dat
[2012.05.15 19:46:05 | 000,570,160 | ---- | M] (Kaspersky Lab) -- H:\Windows\System32\drivers\klif.sys
[2012.05.15 17:22:44 | 000,010,348 | ---- | M] () -- H:\Users\Kim\Documents\cc_20120515_172240.reg
[2012.05.15 16:24:49 | 000,000,226 | ---- | M] () -- H:\user.js
[2012.05.15 16:15:56 | 000,049,528 | ---- | M] (G Data Software AG) -- H:\Windows\System32\drivers\PktIcpt.sys
[2012.05.15 16:06:04 | 000,050,040 | ---- | M] (G Data Software AG) -- H:\Windows\System32\drivers\HookCentre.sys
[2012.05.15 16:06:03 | 000,090,744 | ---- | M] (G Data Software AG) -- H:\Windows\System32\drivers\MiniIcpt.sys
[2012.05.15 16:06:02 | 000,041,848 | ---- | M] (G Data Software AG) -- H:\Windows\System32\drivers\GDBehave.sys
[2012.05.15 16:06:00 | 000,054,648 | ---- | M] (G Data Software AG) -- H:\Windows\System32\drivers\gdwfpcd32.sys
[2012.05.15 15:59:02 | 367,859,712 | ---- | M] () -- H:\Users\Kim\Desktop\GER_R_FUL_2013_BootCD.iso
[2012.05.15 15:54:23 | 000,088,042 | ---- | M] () -- H:\Users\Kim\Documents\cc_20120515_155413.reg
[2012.05.15 15:52:36 | 370,866,960 | ---- | M] (G Data Software AG) -- H:\Users\Kim\Desktop\GER_R_FUL_2013_IS.exe
[2012.05.15 15:26:07 | 000,002,577 | ---- | M] () -- H:\Windows\System32\config.nt
[2012.05.15 15:08:27 | 000,001,088 | ---- | M] () -- H:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.10 08:37:18 | 000,300,904 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2012.05.06 20:16:52 | 000,004,096 | ---- | M] () -- H:\Users\Public\Documents\00001101.LCS
[2012.05.06 00:16:43 | 000,000,962 | ---- | M] () -- H:\Users\Public\Desktop\15 Days starten.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.18 08:30:47 | 000,001,071 | ---- | C] () -- H:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.17 08:56:51 | 000,000,020 | ---- | C] () -- H:\Users\Kim\defogger_reenable
[2012.05.17 08:55:23 | 000,050,477 | ---- | C] () -- H:\Users\Kim\Desktop\Defogger.exe
[2012.05.17 08:44:32 | 000,302,592 | ---- | C] () -- H:\Users\Kim\Desktop\ruptkvow.exe
[2012.05.16 21:11:41 | 000,006,904 | ---- | C] () -- H:\Users\Kim\Documents\cc_20120516_211140.reg
[2012.05.16 20:46:34 | 000,001,220 | ---- | C] () -- H:\Users\Kim\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 19:49:43 | 000,017,408 | ---- | C] () -- H:\Users\Kim\AppData\Local\WebpageIcons.db
[2012.05.15 19:48:05 | 000,115,369 | ---- | C] () -- H:\Windows\System32\drivers\klin.dat
[2012.05.15 19:48:05 | 000,097,961 | ---- | C] () -- H:\Windows\System32\drivers\klick.dat
[2012.05.15 17:22:42 | 000,010,348 | ---- | C] () -- H:\Users\Kim\Documents\cc_20120515_172240.reg
[2012.05.15 16:35:35 | 000,256,000 | ---- | C] () -- H:\Windows\PEV.exe
[2012.05.15 16:35:35 | 000,208,896 | ---- | C] () -- H:\Windows\MBR.exe
[2012.05.15 16:35:35 | 000,098,816 | ---- | C] () -- H:\Windows\sed.exe
[2012.05.15 16:35:35 | 000,080,412 | ---- | C] () -- H:\Windows\grep.exe
[2012.05.15 16:35:35 | 000,068,096 | ---- | C] () -- H:\Windows\zip.exe
[2012.05.15 16:24:49 | 000,000,226 | ---- | C] () -- H:\user.js
[2012.05.15 15:55:24 | 367,859,712 | ---- | C] () -- H:\Users\Kim\Desktop\GER_R_FUL_2013_BootCD.iso
[2012.05.15 15:54:18 | 000,088,042 | ---- | C] () -- H:\Users\Kim\Documents\cc_20120515_155413.reg
[2012.05.15 15:08:27 | 000,001,100 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.15 15:08:27 | 000,001,088 | ---- | C] () -- H:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.06 00:21:45 | 000,004,096 | ---- | C] () -- H:\Users\Public\Documents\00001101.LCS
[2012.05.06 00:16:43 | 000,000,962 | ---- | C] () -- H:\Users\Public\Desktop\15 Days starten.lnk
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- H:\Windows\System32\drivers\klopp.dat
[2011.02.21 08:45:05 | 000,053,248 | ---- | C] () -- H:\Windows\System32\CommonDL.dll
[2011.02.21 08:45:05 | 000,002,413 | ---- | C] () -- H:\Windows\System32\lgAxconfig.ini
[2010.12.17 08:19:52 | 000,000,572 | ---- | C] () -- H:\Users\Kim\AppData\Roaming\com.zoosk.Desktop_state.xml
 
========== LOP Check ==========
 
[2010.06.02 14:59:19 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Amazon
[2010.11.22 22:35:21 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Astroburn Lite
[2012.04.02 19:14:02 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Canon
[2010.09.30 23:59:25 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.08.22 20:51:14 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\CupidChat
[2010.11.22 22:06:21 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 09:26:36 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Dropbox
[2011.09.02 08:16:41 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DVDVideoSoft
[2011.04.30 08:11:12 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.10 16:47:27 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\EurekaLog
[2010.06.21 20:26:23 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Facebook
[2011.09.02 08:18:58 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Jens Lorek
[2009.11.20 21:52:04 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Leadertech
[2012.01.09 18:01:34 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\LG Electronics
[2012.05.06 00:21:45 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\ProtectDisc
[2012.05.19 08:06:29 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Spotify
[2012.05.10 08:37:06 | 000,032,632 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.10 13:42:21 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Adobe
[2010.06.02 14:59:19 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Amazon
[2010.11.22 22:35:21 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Astroburn Lite
[2012.04.02 19:14:02 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Canon
[2010.09.30 23:59:25 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.08.22 20:51:14 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\CupidChat
[2010.11.22 22:06:21 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DAEMON Tools Lite
[2010.06.21 11:07:17 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DivX
[2011.07.30 09:26:36 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Dropbox
[2011.09.02 08:16:41 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DVDVideoSoft
[2011.04.30 08:11:12 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.10 16:47:27 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\EurekaLog
[2010.06.21 20:26:23 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Facebook
[2009.11.20 21:29:44 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Identities
[2011.09.02 08:18:58 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Jens Lorek
[2009.11.20 21:52:04 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Leadertech
[2012.01.09 18:01:34 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\LG Electronics
[2009.11.20 23:14:57 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Macromedia
[2012.05.18 08:30:54 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Media Center Programs
[2011.10.28 16:12:21 | 000,000,000 | --SD | M] -- H:\Users\Kim\AppData\Roaming\Microsoft
[2009.11.20 23:36:32 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Mozilla
[2012.05.06 00:21:45 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\ProtectDisc
[2012.04.12 16:15:57 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Real
[2012.04.12 16:15:59 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\RealNetworks
[2012.04.22 19:31:32 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Skype
[2011.08.07 08:03:56 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\skypePM
[2012.05.19 08:06:29 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\Spotify
[2009.11.28 17:32:15 | 000,000,000 | ---D | M] -- H:\Users\Kim\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- H:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 22:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- H:\Users\Kim\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.06.21 20:26:23 | 000,050,354 | ---- | M] (Facebook, Inc.) -- H:\Users\Kim\AppData\Roaming\Facebook\uninstall.exe
[2010.11.07 09:59:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- H:\Users\Kim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.29 19:51:07 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- H:\Users\Kim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2011.09.02 08:18:47 | 000,034,494 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe
[2012.04.08 14:33:07 | 000,010,134 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_7F7458BFD582C00FF78826.exe
[2012.04.08 14:33:07 | 000,034,494 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_853F67D554F05449430E7E.exe
[2012.04.08 14:33:07 | 000,355,574 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_E460DD8AE65E9AE8A7F8F8.exe
[2012.04.08 14:33:07 | 000,355,574 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_EF47F7F6FC8D853BE6A60C.exe
[2012.04.08 14:33:07 | 000,080,992 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_FEB897155D11C908CCA7A9.exe
[2008.12.02 08:40:14 | 000,028,672 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\I\UnInstallMSI.exe
[2008.12.01 13:29:00 | 000,014,336 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\I\UnInstallMSI32.exe
[2008.12.01 13:29:00 | 000,016,896 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\I\UnInstallMSI64.exe
[2008.11.26 06:57:44 | 000,737,280 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\I\USBAutoRun.exe
[2008.11.26 13:59:32 | 006,450,574 | R--- | M] (Macrovision Corporation) -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\I\tools\LGInternetKit_V3.0.0.24_Setup.exe
[2008.12.02 08:40:14 | 000,028,672 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\K\UnInstallMSI.exe
[2008.12.01 13:29:00 | 000,014,336 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\K\UnInstallMSI32.exe
[2008.12.01 13:29:00 | 000,016,896 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\K\UnInstallMSI64.exe
[2008.11.26 06:57:44 | 000,737,280 | R--- | M] () -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\K\USBAutoRun.exe
[2008.11.26 13:59:32 | 006,450,574 | R--- | M] (Macrovision Corporation) -- H:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates\K\tools\LGInternetKit_V3.0.0.24_Setup.exe
[2012.04.18 21:11:25 | 004,011,184 | ---- | M] (Spotify Ltd) -- H:\Users\Kim\AppData\Roaming\Spotify\spotify.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- H:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.12.03 22:27:07 | 023,898,261 | ---- | M] () .cab file -- H:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.12.03 22:27:07 | 023,898,261 | ---- | M] () .cab file -- H:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\Windows.old\Windows\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\Windows.old\Windows\system32\dllcache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\Windows.old\Windows\system32\drivers\agp440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- H:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008.12.03 22:27:07 | 023,898,261 | ---- | M] () .cab file -- H:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2008.12.03 22:27:07 | 023,898,261 | ---- | M] () .cab file -- H:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\Windows.old\Windows\system32\dllcache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\Windows.old\Windows\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\Windows.old\Windows\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\Windows.old\Windows\system32\dllcache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\Windows.old\Windows\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- H:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- H:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\Windows.old\Windows\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\Windows.old\Windows\system32\dllcache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\Windows.old\Windows\system32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- H:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- H:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- H:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- H:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\Windows.old\Windows\system32\dllcache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\Windows.old\Windows\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- H:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- H:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- H:\Windows.old\Windows\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\Windows.old\Windows\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\Windows.old\Windows\system32\dllcache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\Windows.old\Windows\system32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- H:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- H:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- H:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\Windows.old\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\Windows.old\Windows\system32\dllcache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\Windows.old\Windows\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\Windows.old\Windows\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- H:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- H:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- H:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\Windows.old\Windows\$NtServicePackUninstall$\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- H:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- H:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- H:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- H:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- H:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- H:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\Windows.old\Windows\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- H:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- H:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- H:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- H:\Windows\system32\drivers\kl2.sys
[2012.05.15 19:46:05 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- H:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- H:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- H:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- H:\Windows\system32\klogon.dll
 
<           >

< End of report >
         
--- --- ---

20.05.2012, 20:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
DRV - [2012.05.15 16:06:00 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- H:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- H:\Windows\System32\drivers\klim6.sys -- (KLIM6)
Are you trying to bring your system to its knees? You never install two virus scanners like these side by side! Uninstall one of the two!

At most, Malwarebytes can be used alongside an installed virus scanner.
(The other scanners I use here for cleanup/analysis don't get in the way of the others either.)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

20.05.2012, 20:41   #9
Mia2501

The problem is that I installed GData before Kaspersky. Or rather, I tried to install it, and the PC crashed again while doing so. After that I restarted, and GData was on the desktop with a shortcut, but I kept getting the error message that not all components had been installed. So I tried to uninstall it in order to do a proper installation afterwards. But GData was not listed in the Control Panel. I couldn't uninstall the program via CCleaner either; it wasn't listed there either. So I thought it wasn't running at all and installed Kaspersky.
How do I get GData uninstalled if I can't find it anywhere?

20.05.2012, 20:52   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Try removing the GDATA entries with this => http://www.chip.de/downloads/G-Data-..._49861263.html

20.05.2012, 21:20   #11
Mia2501

I've now done it the other way round and uninstalled Kaspersky. It was only the trial version anyway. I bought GData as the full version, so it makes more sense to keep that one. I've simply installed it again and so far everything works. However, the PC hasn't frozen for two days anyway... so where is the actual problem now?
What about the ESET findings? Shouldn't those be removed?

21.05.2012, 08:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We had not got that far yet. I would have carried on with OTL if I had not noticed the two virus scanners.

Please create a new OTL log again as described above.
