
Pests of all kinds and how to fight them: Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)


15.08.2012, 09:06   #1
kicker
 



Hello everyone,

Yesterday my avast Antivirus went haywire and reported blocked trojans and malware (Win32:Malware-gen and Win32:Troj-gen) at what felt like one-second intervals. I then ran a full avast scan and activated Malwarebytes Anti-Malware (no idea when or why I had deactivated it -.- ), with the result that two viruses were detected, which I deleted. That did not stop the problem, though; on the contrary, Malwarebytes now also reported that it was blocking access to dangerous websites, and after I had read up a bit via Google, I downloaded the TDSS (?) remover from Kaspersky. I ran that twice as well, deleting two infections afterwards, and after that Malwarebytes and avast went quiet. Last night I then scanned the whole PC completely with Malwarebytes once more, which found three more threats, which I also deleted.
The PC showed and shows no signs whatsoever of an infection; it runs cleanly and just as fast as always. Adware does not open either.

But I still want to play it safe and do another thorough "clean-up"; however, I lack the necessary know-how for that and hope that someone here will kindly take me by the hand and help me.



OTL logs:
Code:
OTL logfile created on: 15.08.2012 09:27:11 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,04% Memory free
3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): c:\pagefile.sys 3067 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 1,49 Gb Free Space | 0,67% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,33% Space Free | Partition Type: NTFS
 
Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.15 09:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.15 11:41:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.29 16:55:56 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.11 05:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006.11.05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006.11.05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.11 05:08:40 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU
MOD - [2007.05.11 04:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU
MOD - [2007.05.11 04:54:28 | 000,036,864 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU
MOD - [2007.05.11 04:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu
MOD - [2007.05.11 04:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
MOD - [2007.05.11 04:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2007.05.11 04:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
MOD - [2007.05.11 04:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
MOD - [2007.05.11 04:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
MOD - [2007.05.11 04:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU
MOD - [2007.05.11 04:52:02 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu
MOD - [2007.05.11 04:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
MOD - [2007.05.11 04:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
MOD - [2007.05.11 04:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
MOD - [2007.05.11 04:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
MOD - [2007.05.11 04:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU
MOD - [2007.05.11 04:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU
MOD - [2007.04.04 15:05:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.13 05:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.13 05:01:28 | 000,397,312 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006.11.05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006.11.05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006.10.23 03:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU
MOD - [2006.10.23 03:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
MOD - [2006.10.23 03:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
MOD - [2006.10.23 03:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU
MOD - [2006.10.23 03:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu
MOD - [2006.10.23 03:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\pxldapod.sys -- (pxldapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\6537.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\inyafakj.sys -- (inyafakj)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.04.04 15:05:54 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.10.10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.10.10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071221
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.09 21:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.15 11:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.15 11:45:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 11:48:21 | 000,000,000 | ---D | M]
 
[2008.11.08 21:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2012.07.27 10:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions
[2011.06.22 22:30:55 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.11.21 09:31:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.26 23:02:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.02 00:53:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.16 18:10:28 | 000,002,354 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml
[2011.07.27 20:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.09 21:21:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 11:46:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.06.15 11:42:37 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.01.01 16:58:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F9C9205408D9F59EAA745678E7F76607.icc_euro?RT=1337443640288" File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6493CB48-7F85-46D7-AE1F-8F60556E23B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA9BFC4-8DE8-4444-8520-41FCAFD46533}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\AutoRun\command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\explore\Command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\open\Command - "" = gjn2pjlw.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 09:26:50 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.08.15 08:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.15 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.14 23:11:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.12 01:05:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.12 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.04 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Unis Bewerbungen
[2010.03.26 07:48:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Paul\mbam-setup.exe
[2010.03.26 00:48:02 | 058,172,520 | ---- | C] (Kaspersky Lab) -- C:\Users\Paul\kav9.0.0.459DE.exe
[2010.03.26 00:38:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paul\HJTInstall.exe
[2010.03.26 00:20:04 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Paul\windows-kb890830-v3.5.exe
[2009.10.15 17:11:07 | 021,128,536 | ---- | C] (DivX, Inc.) -- C:\Users\Paul\DivXInstaller72.exe
[2009.08.27 20:20:30 | 001,875,076 | ---- | C] (Password Recovery Magic Studio Ltd.                         ) -- C:\Users\Paul\RAR-Password-Recovery-Magic.exe
[2009.07.01 14:39:57 | 077,690,152 | ---- | C] (Apple Inc.) -- C:\Users\Paul\iTunesSetup.exe
[2007.12.29 19:21:46 | 044,575,761 | ---- | C] (Phenomedia AG                                               ) -- C:\Program Files\Setup_Moorhuhn_Kart_XL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 09:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.08.15 09:26:16 | 000,000,000 | ---- | M] () -- C:\Users\Paul\defogger_reenable
[2012.08.15 09:08:02 | 000,087,360 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.wmv
[2012.08.15 09:08:02 | 000,061,440 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.15 08:59:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 08:59:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 08:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 08:40:58 | 000,278,161 | ---- | M] () -- C:\Users\Paul\Desktop\gmer1015.zip
[2012.08.15 08:30:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.14 22:36:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.13 16:02:58 | 000,308,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.13 16:02:58 | 000,210,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.13 16:02:58 | 000,061,620 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.13 16:02:58 | 000,038,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.12 01:04:15 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.09 12:55:36 | 000,002,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.15 09:26:16 | 000,000,000 | ---- | C] () -- C:\Users\Paul\defogger_reenable
[2012.08.15 09:08:00 | 000,087,360 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.wmv
[2012.08.15 08:40:58 | 000,278,161 | ---- | C] () -- C:\Users\Paul\Desktop\gmer1015.zip
[2012.08.14 22:36:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 01:04:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.18 13:50:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.18 13:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.18 13:49:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.02 17:41:30 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.01.02 17:41:26 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011.01.02 17:41:26 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.02 17:41:26 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.02 17:41:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.02 17:32:27 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010.08.25 11:15:06 | 000,221,584 | ---- | C] () -- C:\Users\Paul\controller.pdf
[2010.08.08 18:49:20 | 077,796,050 | ---- | C] () -- C:\Users\Paul\gameskeebrake.zip
[2010.07.11 10:14:25 | 003,364,153 | ---- | C] () -- C:\Users\Paul\Upside_(feat._Michelle_Breeze).mp3
[2010.06.02 01:34:57 | 057,817,611 | ---- | C] () -- C:\Users\Paul\Kano_-_Kano_Mixtape.rar
[2010.06.02 00:28:59 | 068,414,451 | ---- | C] () -- C:\Users\Paul\Kano_-_Beats_And_Bars__2005___www.beatboxradioshow.blogspot.com_.rar
[2010.06.01 23:48:36 | 056,687,361 | ---- | C] () -- C:\Users\Paul\Kano-Beats_&_Bars_(2005).zip
[2010.05.29 17:19:04 | 010,871,495 | ---- | C] () -- C:\Users\Paul\Usher_-_OMG_(Feat._Will.I.Am).mp3
[2010.05.13 12:46:05 | 006,469,101 | ---- | C] () -- C:\Users\Paul\Justin_Timberlake_-_Rock_Your_Body.mp3
[2010.05.13 12:25:33 | 003,966,046 | ---- | C] () -- C:\Users\Paul\three 6 mafia feat. tiesto, sean kingston & flo rida - feel it.mp3.mp3
[2010.05.13 12:17:21 | 007,670,478 | ---- | C] () -- C:\Users\Paul\10__Dizzee_Rascal_-_Holiday_[Ft._Chrome].mp3
[2010.05.08 19:26:30 | 007,946,244 | ---- | C] () -- C:\Users\Paul\Surkin_-_Radio_Fireworks_(Riot_In_Belgium_Second_Remix).mp3
[2010.05.08 18:56:11 | 004,235,328 | ---- | C] () -- C:\Users\Paul\Bob_Marley_Vs._Funkstar_Deluxe_-_Sun_Is_Shining.mp3
[2010.04.04 21:44:24 | 000,017,089 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\UserTile.png
[2010.03.25 23:55:29 | 004,103,298 | ---- | C] () -- C:\Users\Paul\cleanvirusmsn.zip
[2010.03.19 18:00:00 | 008,655,505 | ---- | C] () -- C:\Users\Paul\11 Pursuit Of Happiness.mp3
[2010.03.19 18:00:00 | 008,035,880 | ---- | C] () -- C:\Users\Paul\08 Back Home.mp3
[2010.03.19 18:00:00 | 005,467,521 | ---- | C] () -- C:\Users\Paul\09 Kinda Like A Big Deal (KA Freestyle).mp3
[2010.03.19 18:00:00 | 005,063,145 | ---- | C] () -- C:\Users\Paul\10 Kano In The House (Pon De Floor).mp3
[2010.03.19 17:59:59 | 007,281,464 | ---- | C] () -- C:\Users\Paul\07 Chip Roll, Sausage In Batter.mp3
[2010.03.19 17:59:58 | 009,437,088 | ---- | C] () -- C:\Users\Paul\05 Game Over.mp3
[2010.03.19 17:59:58 | 008,561,464 | ---- | C] () -- C:\Users\Paul\04 Pass Out (KA Freestyle).mp3
[2010.03.19 17:59:58 | 007,593,888 | ---- | C] () -- C:\Users\Paul\03 Track Burglar.mp3
[2010.03.19 17:59:58 | 006,496,745 | ---- | C] () -- C:\Users\Paul\06 Rude Boy.mp3
[2010.03.19 17:59:57 | 008,962,705 | ---- | C] () -- C:\Users\Paul\02 You Are Young.mp3
[2010.03.19 17:59:57 | 000,806,231 | ---- | C] () -- C:\Users\Paul\01 Intro.mp3
[2010.03.19 17:59:05 | 076,615,102 | ---- | C] () -- C:\Users\Paul\Jack Bauer- The 7 Day Edition (www.kanosworld.com).zip
[2010.02.21 14:42:23 | 001,579,618 | ---- | C] () -- C:\Users\Paul\img004.jpg
[2010.01.07 17:45:56 | 000,953,919 | ---- | C] () -- C:\Users\Paul\Apple Store - Deutschland.mht
[2010.01.07 17:45:34 | 000,190,335 | ---- | C] () -- C:\Users\Paul\Sparkasse Krefeld - Ihr persönliches Finanzportal - Ihr Auftrag.mht
[2010.01.06 02:05:19 | 001,901,794 | ---- | C] () -- C:\Users\Paul\02 chase the sun.mp3
[2010.01.06 02:00:58 | 007,686,773 | ---- | C] () -- C:\Users\Paul\Planet_Funk_-_Chase_the_Sun.mp3
[2010.01.05 17:31:36 | 006,513,216 | ---- | C] () -- C:\Users\Paul\Nikkfurie_-_The_A_La_Menthe_Extended.mp3
[2009.12.26 15:43:05 | 007,989,158 | ---- | C] () -- C:\Users\Paul\-_Akon_ft_David_Guetta_-_Sexy_Bitch.mp3
[2009.10.11 10:59:48 | 005,556,136 | ---- | C] () -- C:\Users\Paul\Plane9.exe
[2009.08.28 15:19:31 | 010,351,542 | ---- | C] () -- C:\Users\Paul\Jay-Z_-_Death_of_Autotune.mp3
[2009.08.27 20:14:21 | 003,449,769 | ---- | C] () -- C:\Users\Paul\-_Planet_Funk_-_Chase_The_Sun.rar
[2009.07.02 19:53:14 | 099,423,964 | ---- | C] () -- C:\Users\Paul\34082008.rar
[2009.07.02 16:27:56 | 006,393,388 | ---- | C] () -- C:\Users\Paul\myGamersCam_Setup.zip
[2009.06.05 13:37:36 | 015,350,784 | ---- | C] () -- C:\Users\Paul\AppleMobileDeviceSupport.msi
[2009.06.03 15:09:15 | 000,041,838 | ---- | C] () -- C:\Users\Paul\John_Brown_-_Suburban_Empire_(Hosted_By_Superstar_Jay)-2009-MIXFIEND.torrent
[2009.05.22 19:27:18 | 004,329,056 | ---- | C] () -- C:\Users\Paul\DJ_Size_feat._J._Lourenzo___Big_Steve_-_Sunglasses.mp3
[2009.05.15 16:06:32 | 005,824,446 | ---- | C] () -- C:\Users\Paul\She's Glowing (Remix).mp3
[2009.03.31 19:22:03 | 000,463,360 | ---- | C] () -- C:\Users\Paul\Magischer+Kater+3.pps
[2008.08.12 15:07:44 | 000,022,328 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
[2008.01.05 18:30:08 | 000,222,269 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\NMM-MetaData.db
[2007.12.29 19:21:48 | 003,108,049 | ---- | C] () -- C:\Program Files\The Beatles - Come Together.mp3
[2007.12.29 19:21:48 | 000,086,791 | ---- | C] () -- C:\Program Files\575m_rot_front.zip
[2007.12.29 19:21:48 | 000,062,874 | ---- | C] () -- C:\Program Files\575m_blau_dreiviertelfront.zip
[2007.12.29 19:21:48 | 000,062,613 | ---- | C] () -- C:\Program Files\575m_blau_heck.zip
[2007.12.29 19:21:48 | 000,057,566 | ---- | C] () -- C:\Program Files\575m_blau_top.zip
[2007.12.29 19:21:48 | 000,053,648 | ---- | C] () -- C:\Program Files\575m_rot_seite.zip
[2007.12.29 19:21:46 | 005,316,116 | ---- | C] () -- C:\Program Files\Forsaken_Part2.zip
[2007.12.29 19:21:46 | 003,060,864 | ---- | C] () -- C:\Program Files\Infamous.mp3
[2007.12.29 19:21:46 | 002,927,388 | ---- | C] () -- C:\Program Files\Infamous.zip
[2007.12.28 23:01:19 | 000,002,912 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2007.12.28 21:13:39 | 000,000,552 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d8caps.dat
[2007.12.28 20:59:41 | 000,061,440 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 20:49:52 | 000,001,356 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010.06.02 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar
[2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6
[2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr
[2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9
[2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2012.08.15 08:30:12 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Battlefield 2 Demo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Desktop\Installationsdateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Nokia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Netscape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Codemasters:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\City Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Activision:Roxio EMC Stream
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---



Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 15.08.2012 09:27:12 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,04% Memory free
3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): c:\pagefile.sys 3067 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 1,49 Gb Free Space | 0,67% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,33% Space Free | Partition Type: NTFS
 
Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{150C58DD-54ED-4697-AAA5-16F037C9F7EF}" = Kane and Lynch Dead Men Demo
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F28E36-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne Demo
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.2.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{3D26D137-EA12-4D31-8326-226EA0A819A9}" = Moorhuhn Kart XL
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501BB464-E875-4E1E-9CF4-8C445DDAE01E}" = Tom Clancy's Splinter Cell Double Agent Demo
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{70D52D20-82A5-43CC-85C1-C994FA2EC591}" = Tom Clancy's Rainbow Six: Lockdown Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C8DECD-5948-F3DB-6B38-B7AF881647A6}" = ATI Catalyst Install Manager
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ASIO4ALL" = ASIO4ALL
"Aston Martin Screensaver" = Aston Martin Screensaver
"Aston Martin Vanquish V12 S Screensaver" = Aston Martin Vanquish V12 S Screensaver
"ATITool" = ATITool Overclocking Utility
"avast" = avast! Free Antivirus
"Clean Virus MSN_is1" = Clean Virus MSN
"Collab" = Collab
"Counter-Strike: Source" = Counter-Strike: Source
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driving Speed 2_is1" = Driving Speed 2.0
"eMule" = eMule
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FL Studio 7" = FL Studio 7
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"MAGIX Music Maker 2008 Producer Edition Trial D" = MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"myGamersCam" = myGamersCam 1.2
"Need For Speed II SE" = Need For Speed II SE
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Operation Flashpoint" = Operation Flashpoint (Uninstall via Start Menu shortcut)
"Ots CD Scratch 1200" = Ots CD Scratch 1200 1.00.044
"OtsTurntables Free" = OtsTurntables Free 1.00.027
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.111
"RealPlayer 15.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"StationRipper" = StationRipper 2.87
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"tt2_demo_is1" = Terrorist Takedown 2 DEMO (1.01)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2012 19:26:15 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.08.2012 05:45:15 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.08.2012 10:41:27 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.08.2012 14:52:04 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.08.2012 06:18:52 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel
 0x4fc9cd53, fehlerhaftes Modul aswWebRepIE.dll, Version 7.0.1456.418, Zeitstempel
 0x4ff31b8b, Ausnahmecode 0xc0000417, Fehleroffset 0x0004d9fb,  Prozess-ID 0x16e4,
 Anwendungsstartzeit 01cd7a063332084f.
 
Error - 14.08.2012 06:25:41 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel
 0x4fc9cd53, fehlerhaftes Modul aswWebRepIE.dll, Version 7.0.1456.418, Zeitstempel
 0x4ff31b8b, Ausnahmecode 0xc0000417, Fehleroffset 0x0004d9fb,  Prozess-ID 0x17bc,
 Anwendungsstartzeit 01cd7a072789ca4f.
 
Error - 14.08.2012 07:33:12 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung InstallFlashPlayer.exe, Version 11.0.1.152, 
Zeitstempel 0x4e7d1453, fehlerhaftes Modul InstallFlashPlayer.exe, Version 11.0.1.152,
 Zeitstempel 0x4e7d1453, Ausnahmecode 0xc0000005, Fehleroffset 0x000071ad,  Prozess-ID
 0x14d0, Anwendungsstartzeit 01cd7a1088e81eb9.
 
Error - 15.08.2012 02:50:01 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.14966, Zeitstempel 
0x49ccf290, fehlerhaftes Modul gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1,  Prozess-ID 0xbf0, Anwendungsstartzeit
 01cd7ab1f986aab0.
 
Error - 15.08.2012 03:03:46 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.14966, Zeitstempel 
0x49ccf290, fehlerhaftes Modul gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1,  Prozess-ID 0x508, Anwendungsstartzeit
 01cd7ab3ad461c40.
 
Error - 15.08.2012 03:06:50 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung qk4ecqzy.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul qk4ecqzy.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x1750, 
Anwendungsstartzeit 01cd7ab43f76d2d0.
 
[ System Events ]
Error - 15.08.2012 02:46:55 | Computer Name = Paul-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.08.2012 um 08:45:06 unerwartet heruntergefahren.
 
Error - 15.08.2012 02:46:43 | Computer Name = Paul-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 15.08.2012 02:47:07 | Computer Name = Paul-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 15.08.2012 02:48:15 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 15.08.2012 02:48:15 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2012 02:58:56 | Computer Name = Paul-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 15.08.2012 02:59:14 | Computer Name = Paul-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.08.2012 um 08:57:31 unerwartet heruntergefahren.
 
Error - 15.08.2012 02:59:06 | Computer Name = Paul-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 15.08.2012 03:00:46 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 15.08.2012 03:00:46 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Unfortunately I can't run Gmer; the scan always aborts with the message that xyz.exe has stopped working.

The report from the last Malwarebytes scan:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [Administrator]

Schutz: Aktiviert

14.08.2012 23:36:28
mbam-log-2012-08-14 (23-36-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440218
Laufzeit: 2 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\TDSSKiller_Quarantine\14.08.2012_23.09.55\zasubsys0000\zafs0000\tsk0001.dta (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Paul\AppData\Local\Temp\Low\msimg32.dll (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Paul\AppData\Local\Temp\Low\adfm32.exe (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

18.08.2012, 09:55   #2
cosinus

Fine, and where are the Avast logs?

Information like that is not enough; please post the complete details/logs from the virus scanners.

If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Code:
C:\TDSSKiller_Quarantine\14.08.2012_23.09.55\zasubsys0000\zafs0000\tsk0001.dta (

What have you already done there with TDSS-Killer?! The tool is not a toy, and not every entry that TDSS-Killer flags may simply be deleted across the board!
Where is the log for that?

19.08.2012, 17:40   #3
kicker

Where do I find the logs from avast and tdss-killer?

I did make sure not to wreck my system; if I remember correctly, tdss even identified the thing by name and rated it as high risk.

Here's to good cooperation

20.08.2012, 20:58   #4
cosinus

Supposedly the logs are here => C:\ProgramData\AVAST Software\Avast\log
The ones from TDSS-Killer are directly on C:

20.08.2012, 23:13   #5
kicker

Code:
 23:09:55.0643 4160  TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
23:09:55.0799 4160  ============================================================
23:09:55.0799 4160  Current date / time: 2012/08/14 23:09:55.0799
23:09:55.0799 4160  SystemInfo:
23:09:55.0799 4160  
23:09:55.0799 4160  OS Version: 6.0.6002 ServicePack: 2.0
23:09:55.0799 4160  Product type: Workstation
23:09:55.0799 4160  ComputerName: PAUL-PC
23:09:55.0799 4160  UserName: Paul
23:09:55.0799 4160  Windows directory: C:\Windows
23:09:55.0799 4160  System windows directory: C:\Windows
23:09:55.0799 4160  Processor architecture: Intel x86
23:09:55.0799 4160  Number of processors: 2
23:09:55.0799 4160  Page size: 0x1000
23:09:55.0799 4160  Boot type: Normal boot
23:09:55.0799 4160  ============================================================
23:09:57.0109 4160  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:57.0219 4160  ============================================================
23:09:57.0219 4160  \Device\Harddisk0\DR0:
23:09:57.0219 4160  MBR partitions:
23:09:57.0219 4160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
23:09:57.0219 4160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
23:09:57.0219 4160  ============================================================
23:09:57.0250 4160  C: <-> \Device\Harddisk0\DR0\Partition2
23:09:57.0281 4160  D: <-> \Device\Harddisk0\DR0\Partition1
23:09:57.0281 4160  ============================================================
23:09:57.0281 4160  Initialize success
23:09:57.0281 4160  ============================================================
23:10:02.0991 4676  ============================================================
23:10:02.0991 4676  Scan started
23:10:02.0991 4676  Mode: Manual; 
23:10:02.0991 4676  ============================================================
23:10:04.0473 4676  ================ Scan services =============================
23:10:05.0065 4676  [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:10:05.0143 4676  ACPI - ok
23:10:05.0237 4676  [ 2edc5bbac6c651ece337bde8ed97c9fb ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:10:05.0253 4676  adp94xx - ok
23:10:05.0331 4676  [ b84088ca3cdca97da44a984c6ce1ccad ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:10:05.0346 4676  adpahci - ok
23:10:05.0393 4676  [ 7880c67bccc27c86fd05aa2afb5ea469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:10:05.0409 4676  adpu160m - ok
23:10:05.0471 4676  [ 9ae713f8e30efc2abccd84904333df4d ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:10:05.0487 4676  adpu320 - ok
23:10:05.0549 4676  [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:10:05.0549 4676  AeLookupSvc - ok
23:10:05.0627 4676  [ 3911b972b55fea0478476b2e777b29fa ] AFD             C:\Windows\system32\drivers\afd.sys
23:10:05.0627 4676  AFD - ok
23:10:05.0705 4676  [ 8b10ce1c1f9f1d47e4deb1a547a00cd4 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:10:05.0705 4676  agp440 - ok
23:10:05.0767 4676  [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:10:05.0783 4676  aic78xx - ok
23:10:05.0814 4676  [ a1545b731579895d8cc44fc0481c1192 ] ALG             C:\Windows\System32\alg.exe
23:10:05.0814 4676  ALG - ok
23:10:05.0861 4676  [ dc67a153fdb8105b25d05334b5e1d8e2 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:10:05.0877 4676  aliide - ok
23:10:05.0923 4676  [ 848f27e5b27c1c253f6cefdc1a5d8f21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:10:05.0939 4676  amdagp - ok
23:10:05.0986 4676  [ 835c4c3355088298a5ebd818fa31430f ] amdide          C:\Windows\system32\drivers\amdide.sys
23:10:06.0001 4676  amdide - ok
23:10:06.0064 4676  [ dc487885bcef9f28eece6fac0e5ddfc5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:10:06.0079 4676  AmdK7 - ok
23:10:06.0111 4676  [ 0ca0071da4315b00fc1328ca86b425da ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:10:06.0111 4676  AmdK8 - ok
23:10:06.0189 4676  [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo         C:\Windows\System32\appinfo.dll
23:10:06.0204 4676  Appinfo - ok
23:10:06.0423 4676  [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:10:06.0438 4676  Apple Mobile Device - ok
23:10:06.0485 4676  [ 5f673180268bb1fdb69c99b6619fe379 ] arc             C:\Windows\system32\drivers\arc.sys
23:10:06.0501 4676  arc - ok
23:10:06.0594 4676  [ 957f7540b5e7f602e44648c7de5a1c05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:10:06.0625 4676  arcsas - ok
23:10:06.0735 4676  [ 1c1f3d6dddc046c920c493a779649f66 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
23:10:06.0750 4676  aswFsBlk - ok
23:10:06.0891 4676  [ a48d8015af2a0d8b4937613ffbfd28de ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
23:10:06.0906 4676  aswMonFlt - ok
23:10:06.0922 4676  [ 982e275d1c5801042fe94209fb0160fb ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
23:10:06.0953 4676  aswRdr - ok
23:10:07.0234 4676  [ 73dbcf808e00580f2a47f93dd9b03876 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
23:10:07.0483 4676  aswSnx - ok
23:10:07.0624 4676  [ 6cbd7d3a33f498d09c831cdd732da2e0 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
23:10:07.0858 4676  aswSP - ok
23:10:07.0889 4676  [ 7109a9aa551f37cd168c02368465957e ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
23:10:07.0920 4676  aswTdi - ok
23:10:07.0983 4676  [ 53b202abee6455406254444303e87be1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:10:07.0998 4676  AsyncMac - ok
23:10:08.0076 4676  [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:10:08.0076 4676  atapi - ok
23:10:08.0310 4676  [ b488fc27338b83c9fc91d684467eeb7e ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
23:10:08.0388 4676  Ati External Event Utility - ok
23:10:08.0482 4676  [ 0e4bb35c5305099ac82053ac992e3e0e ] ATITool         C:\Windows\system32\DRIVERS\ATITool.sys
23:10:08.0497 4676  ATITool - ok
23:10:08.0685 4676  [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:10:08.0887 4676  AudioEndpointBuilder - ok
23:10:09.0012 4676  [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:10:09.0012 4676  Audiosrv - ok
23:10:09.0231 4676  [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:10:09.0262 4676  avast! Antivirus - ok
23:10:09.0480 4676  [ cf6a67c90951e3e763d2135dede44b85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
23:10:09.0574 4676  BCM43XV - ok
23:10:09.0667 4676  [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:10:09.0699 4676  Beep - ok
23:10:09.0823 4676  [ c789af0f724fda5852fb9a7d3a432381 ] BFE             C:\Windows\System32\bfe.dll
23:10:09.0855 4676  BFE - ok
23:10:10.0120 4676  [ 93952506c6d67330367f7e7934b6a02f ] BITS            C:\Windows\System32\qmgr.dll
23:10:10.0541 4676  BITS - ok
23:10:10.0557 4676  blbdrive - ok
23:10:10.0884 4676  [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:10:10.0947 4676  Bonjour Service - ok
23:10:11.0025 4676  [ 35f376253f687bde63976ccb3f2108ca ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:10:11.0056 4676  bowser - ok
23:10:11.0181 4676  [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:10:11.0196 4676  BrFiltLo - ok
23:10:11.0227 4676  [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:10:11.0227 4676  BrFiltUp - ok
23:10:11.0290 4676  [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser         C:\Windows\System32\browser.dll
23:10:11.0305 4676  Browser - ok
23:10:11.0399 4676  [ b304e75cff293029eddf094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:10:11.0430 4676  Brserid - ok
23:10:11.0477 4676  [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:10:11.0477 4676  BrSerWdm - ok
23:10:11.0508 4676  [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:10:11.0539 4676  BrUsbMdm - ok
23:10:11.0571 4676  [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:10:11.0602 4676  BrUsbSer - ok
23:10:11.0649 4676  [ ad07c1ec6665b8b35741ab91200c6b68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:10:11.0664 4676  BTHMODEM - ok
23:10:11.0820 4676  [ a4c8377fa4a994e07075107dbe2e3dce ] BthServ         C:\Windows\System32\bthserv.dll
23:10:11.0836 4676  BthServ - ok
23:10:11.0898 4676  [ 7add03e75beb9e6dd102c3081d29840a ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:10:11.0914 4676  cdfs - ok
23:10:12.0039 4676  [ 6b4bffb9becd728097024276430db314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:10:12.0039 4676  cdrom - ok
23:10:12.0163 4676  [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:10:12.0179 4676  CertPropSvc - ok
23:10:12.0241 4676  [ da8e0afc7baa226c538ef53ac2f90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:10:12.0257 4676  circlass - ok
23:10:12.0366 4676  [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS            C:\Windows\system32\CLFS.sys
23:10:12.0444 4676  CLFS - ok
23:10:12.0616 4676  [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:10:12.0616 4676  clr_optimization_v2.0.50727_32 - ok
23:10:12.0663 4676  [ e79cbb2195e965f6e3256e2c1b23fd1c ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:10:12.0678 4676  cmdide - ok
23:10:12.0709 4676  [ 82b8c91d327cfecf76cb58716f7d4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:10:12.0725 4676  Compbatt - ok
23:10:12.0741 4676  COMSysApp - ok
23:10:12.0772 4676  [ 2a213ae086bbec5e937553c7d9a2b22c ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:10:12.0787 4676  crcdisk - ok
23:10:12.0834 4676  [ 22a7f883508176489f559ee745b5bf5d ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:10:12.0834 4676  Crusoe - ok
23:10:12.0928 4676  [ 75c6a297e364014840b48eccd7525e30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:10:12.0928 4676  CryptSvc - ok
23:10:13.0131 4676  [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:10:13.0255 4676  cvhsvc - ok
23:10:13.0396 4676  [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:10:13.0427 4676  DcomLaunch - ok
23:10:13.0474 4676  [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:10:13.0474 4676  DfsC - ok
23:10:13.0630 4676  [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR            C:\Windows\system32\DFSR.exe
23:10:14.0035 4676  DFSR - ok
23:10:14.0207 4676  [ 9028559c132146fb75eb7acf384b086a ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:10:14.0269 4676  Dhcp - ok
23:10:14.0316 4676  [ 5d4aefc3386920236a548271f8f1af6a ] disk            C:\Windows\system32\drivers\disk.sys
23:10:14.0332 4676  disk - ok
23:10:14.0394 4676  [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:10:14.0410 4676  Dnscache - ok
23:10:14.0472 4676  [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:10:14.0488 4676  dot3svc - ok
23:10:14.0519 4676  [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS             C:\Windows\system32\dps.dll
23:10:14.0535 4676  DPS - ok
23:10:14.0597 4676  [ 97fef831ab90bee128c9af390e243f80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:10:14.0628 4676  drmkaud - ok
23:10:14.0722 4676  [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:10:14.0784 4676  DXGKrnl - ok
23:10:15.0018 4676  [ 04944f4fc4f0477185f5d26ae0ddb90e ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
23:10:15.0049 4676  e1express - ok
23:10:15.0127 4676  [ f88fb26547fd2ce6d0a5af2985892c48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:10:15.0159 4676  E1G60 - ok
23:10:15.0221 4676  [ c0b95e40d85cd807d614e264248a45b9 ] EapHost         C:\Windows\System32\eapsvc.dll
23:10:15.0237 4676  EapHost - ok
23:10:15.0361 4676  [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:10:15.0361 4676  Ecache - ok
23:10:15.0517 4676  [ 9be3744d295a7701eb425332014f0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:10:15.0533 4676  ehRecvr - ok
23:10:15.0564 4676  [ ad1870c8e5d6dd340c829e6074bf3c3f ] ehSched         C:\Windows\ehome\ehsched.exe
23:10:15.0580 4676  ehSched - ok
23:10:15.0627 4676  [ c27c4ee8926e74aa72efcab24c5242c3 ] ehstart         C:\Windows\ehome\ehstart.dll
23:10:15.0627 4676  ehstart - ok
23:10:15.0658 4676  [ e8f3f21a71720c84bcf423b80028359f ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:10:15.0673 4676  elxstor - ok
23:10:15.0845 4676  [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:10:15.0939 4676  EMDMgmt - ok
23:10:16.0049 4676  [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem     C:\Windows\system32\es.dll
23:10:16.0189 4676  EventSystem - ok
23:10:16.0283 4676  [ 22b408651f9123527bcee54b4f6c5cae ] exfat           C:\Windows\system32\drivers\exfat.sys
23:10:16.0283 4676  exfat - ok
23:10:16.0345 4676  [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:10:16.0345 4676  fastfat - ok
23:10:16.0408 4676  [ afe1e8b9782a0dd7fb46bbd88e43f89a ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:10:16.0408 4676  fdc - ok
23:10:16.0439 4676  [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:10:16.0439 4676  fdPHost - ok
23:10:16.0470 4676  [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:10:16.0486 4676  FDResPub - ok
23:10:16.0517 4676  [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:10:16.0517 4676  FileInfo - ok
23:10:16.0564 4676  [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:10:16.0564 4676  Filetrace - ok
23:10:16.0954 4676  [ 167d24a045499ebef438f231976158df ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
23:10:17.0048 4676  FirebirdServerMAGIXInstance - ok
23:10:17.0111 4676  [ 6603957eff5ec62d25075ea8ac27de68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:10:17.0126 4676  flpydisk - ok
23:10:17.0220 4676  [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:10:17.0251 4676  FltMgr - ok
23:10:17.0501 4676  [ 452feaab2a8dbb42ed751754cb2594f5 ] FontCache       C:\Windows\system32\FntCache.dll
23:10:17.0750 4676  FontCache - ok
23:10:17.0906 4676  [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:10:17.0922 4676  FontCache3.0.0.0 - ok
23:10:17.0953 4676  [ b972a66758577e0bfd1de0f91aaa27b5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:10:17.0969 4676  Fs_Rec - ok
23:10:18.0015 4676  [ 4e1cd0a45c50a8882616cae5bf82f3c5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:10:18.0031 4676  gagp30kx - ok
23:10:18.0093 4676  [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:10:18.0093 4676  GEARAspiWDM - ok
23:10:18.0811 4676  [ 1c23ca2beb4fa0a92b87164c35212b11 ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:10:18.0951 4676  GoogleDesktopManager - ok
23:10:19.0217 4676  [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:10:19.0497 4676  gpsvc - ok
23:10:19.0560 4676  [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:10:19.0560 4676  gusvc - ok
23:10:19.0731 4676  [ 3f90e001369a07243763bd5a523d8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:10:19.0747 4676  HdAudAddService - ok
23:10:19.0950 4676  [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:10:20.0137 4676  HDAudBus - ok
23:10:20.0231 4676  [ 1338520e78d90154ed6be8f84de5fceb ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:10:20.0262 4676  HidBth - ok
23:10:21.0198 4676  [ ff3160c3a2445128c5a6d9b076da519e ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:10:21.0213 4676  HidIr - ok
23:10:21.0245 4676  [ 84067081f3318162797385e11a8f0582 ] hidserv         C:\Windows\system32\hidserv.dll
23:10:21.0276 4676  hidserv - ok
23:10:21.0307 4676  [ cca4b519b17e23a00b826c55716809cc ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:10:21.0323 4676  HidUsb - ok
23:10:21.0369 4676  [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:10:21.0369 4676  hkmsvc - ok
23:10:21.0401 4676  [ df353b401001246853763c4b7aaa6f50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:10:21.0416 4676  HpCISSs - ok
23:10:21.0463 4676  [ f870aa3e254628ebeafe754108d664de ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:10:21.0463 4676  HTTP - ok
23:10:21.0510 4676  [ 324c2152ff2c61abae92d09f3cca4d63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:10:21.0541 4676  i2omp - ok
23:10:21.0635 4676  [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:10:21.0635 4676  i8042prt - ok
23:10:21.0728 4676  [ 997e8f5939f2d12cd9f2e6b395724c16 ] iaStor          C:\Windows\system32\drivers\iastor.sys
23:10:21.0728 4676  iaStor - ok
23:10:21.0837 4676  [ c957bf4b5d80b46c5017bf0101e6c906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:10:21.0853 4676  iaStorV - ok
23:10:22.0009 4676  [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:10:22.0009 4676  IDriverT - ok
23:10:22.0149 4676  [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:10:22.0181 4676  idsvc - ok
23:10:22.0789 4676  [ c134e69ce901422d1f2d7ea8d69098fe ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:10:22.0945 4676  igfx - ok
23:10:22.0961 4676  [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:10:22.0976 4676  iirsp - ok
23:10:23.0148 4676  [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:10:23.0444 4676  IKEEXT - ok
23:10:24.0115 4676  [ 4eae74c8bcbca309a5d7cbad7e231427 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:10:24.0271 4676  IntcAzAudAddService - ok
23:10:24.0333 4676  [ 0084046c084d68e494f8cf36bcf08186 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:10:24.0365 4676  intelide - ok
23:10:24.0427 4676  [ 224191001e78c89dfa78924c3ea595ff ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:10:24.0443 4676  intelppm - ok
23:10:24.0505 4676  [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:10:24.0521 4676  IPBusEnum - ok
23:10:24.0599 4676  [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:10:24.0599 4676  IpFilterDriver - ok
23:10:24.0708 4676  [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:10:24.0723 4676  iphlpsvc - ok
23:10:24.0739 4676  IpInIp - ok
23:10:24.0879 4676  [ 40f34f8aba2a015d780e4b09138b6c17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:10:24.0911 4676  IPMIDRV - ok
23:10:25.0035 4676  [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:10:25.0067 4676  IPNAT - ok
23:10:25.0613 4676  [ 178fe38b7740f598391eb2f51ae4ccac ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:10:26.0502 4676  iPod Service - ok
23:10:26.0595 4676  [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:10:26.0642 4676  IRENUM - ok
23:10:26.0751 4676  [ 2f8ece2699e7e2070545e9b0960a8ed2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:10:26.0783 4676  isapnp - ok
23:10:26.0923 4676  [ 232fa340531d940aac623b121a595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:10:27.0017 4676  iScsiPrt - ok
23:10:27.0048 4676  [ bced60d16156e428f8df8cf27b0df150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:10:27.0063 4676  iteatapi - ok
23:10:27.0141 4676  [ 06fa654504a498c30adca8bec4e87e7e ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:10:27.0157 4676  iteraid - ok
23:10:27.0251 4676  [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:10:27.0266 4676  kbdclass - ok
23:10:27.0360 4676  [ ede59ec70e25c24581add1fbec7325f7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:10:27.0375 4676  kbdhid - ok
23:10:27.0422 4676  [ a3e186b4b935905b829219502557314e ] KeyIso          C:\Windows\system32\lsass.exe
23:10:27.0422 4676  KeyIso - ok
23:10:27.0547 4676  [ 4a1445efa932a3baf5bdb02d7131ee20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:10:27.0719 4676  KSecDD - ok
23:10:27.0859 4676  [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:10:27.0921 4676  KtmRm - ok
23:10:27.0999 4676  [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:10:28.0046 4676  LanmanServer - ok
23:10:28.0155 4676  [ 1db69705b695b987082c8baec0c6b34f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:10:28.0187 4676  LanmanWorkstation - ok
23:10:28.0265 4676  [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:10:28.0280 4676  lltdio - ok
23:10:28.0358 4676  [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:10:28.0483 4676  lltdsvc - ok
23:10:28.0592 4676  [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:10:28.0639 4676  lmhosts - ok
23:11:04.0302 4676  ================ Scan global ===============================
23:11:04.0333 4676  (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
23:11:04.0396 4676  (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
23:11:04.0411 4676  (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
23:11:04.0474 4676  (8737764f4fd36d6808ee80578409c843) C:\Windows\system32\services.exe
23:11:04.0489 4676  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
23:11:04.0489 4676  C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
23:11:04.0489 4676  ================ Scan MBR ==================================
23:11:04.0520 4676  MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:11:05.0144 4676  \Device\Harddisk0\DR0 - ok
23:11:05.0144 4676  ================ Scan VBR ==================================
23:11:05.0160 4676  Boot (0x1200)   (8157b6ff97634fb88e2154b8f74a83ee) \Device\Harddisk0\DR0\Partition1
23:11:05.0191 4676  \Device\Harddisk0\DR0\Partition1 - ok
23:11:05.0207 4676  Boot (0x1200)   (2185a465faa2c1a84d208ab52f7ab9ac) \Device\Harddisk0\DR0\Partition2
23:11:05.0222 4676  \Device\Harddisk0\DR0\Partition2 - ok
23:11:05.0222 4676  ============================================================
23:11:05.0222 4676  Scan finished
23:11:05.0222 4676  ============================================================
23:11:05.0238 5240  Detected object count: 1
23:11:05.0238 5240  Actual detected object count: 1
23:11:27.0546 5240  C:\Windows\system32\services.exe - copied to quarantine
23:11:32.0663 5240  C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
23:11:33.0933 5240  C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\@ - copied to quarantine
23:11:33.0971 5240  C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\n - copied to quarantine
23:11:34.0174 5240  C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\U\00000008.@ - copied to quarantine
23:11:54.0155 5240  Backup copy found, using it..
23:11:58.0399 5240  C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
23:11:58.0492 5240  C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\@ - will be deleted on reboot
23:11:58.0492 5240  C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\n - will be deleted on reboot
23:11:58.0492 5240  C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\U\00000008.@ - will be deleted on reboot
23:11:58.0492 5240  C:\Windows\system32\services.exe - will be cured on reboot
23:11:58.0492 5240  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure 
23:12:15.0876 6056  Deinitialize success
         
OK, I should have found the TDSS logs, sorry -.-
With avast, though, I can't find anything under your file path, nor in avast's program folder...


21.08.2012, 13:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then let's forget about the Avast logs.

First, as a matter of routine, please run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

22.08.2012, 18:06   #7
kicker

malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.22.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [Administrator]

Schutz: Aktiviert

22.08.2012 14:05:24
mbam-log-2012-08-22 (14-05-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440438
Laufzeit: 2 Stunde(n), 14 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
eset:

Code:
ATTFilter
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b57a498a4b8d434aaa77f3c2d3e20194
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-16 01:42:19
# local_time=2012-08-16 03:42:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 75569012 75569012 0 0
# compatibility_mode=768 16777215 100 0 75567141 75567141 0 0
# compatibility_mode=5892 16776573 100 100 3496 182654938 0 0
# compatibility_mode=8192 67108863 100 0 359 359 0 0
# scanned=60350
# found=0
# cleaned=0
# scan_time=2329
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b57a498a4b8d434aaa77f3c2d3e20194
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-22 04:42:15
# local_time=2012-08-22 06:42:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 76092632 76092632 0 0
# compatibility_mode=768 16777215 100 0 76090761 76090761 0 0
# compatibility_mode=5892 16776573 100 100 68854 183178558 0 0
# compatibility_mode=8192 67108863 100 0 523979 523979 0 0
# scanned=265410
# found=1
# cleaned=0
# scan_time=7904
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\47204bdb-20af3d88	multiple threats (unable to clean)	00000000000000000000000000000000	I
         

30.08.2012, 13:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


31.08.2012, 10:37   #9
kicker

adwcleaner:

Code:
ATTFilter
 # AdwCleaner v2.000 - Datei am 08/31/2012 um 11:35:54 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Paul - PAUL-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TXUCCWU\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml
Ordner Gefunden : C:\Program Files\Common Files\Software Update Utility
Ordner Gefunden : C:\Program Files\Winamp Toolbar
Ordner Gefunden : C:\ProgramData\Winamp Toolbar
Ordner Gefunden : C:\Users\Paul\AppData\Local\Winamp Toolbar
Ordner Gefunden : C:\Users\Paul\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\Conduit
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\CT2269050
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Winamp Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2857573
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gefunden : HKLM\Software\Winamp Toolbar
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.0.5 (de)

Profilname : default 
Datei : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\prefs.js

Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "27-7-2012");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Fri Jul 27 2012 10:51:05 GMT+0200");
Gefunden : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 18:15:23 GMT+0200");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gefunden : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jul 27 2012 10:46:03 GMT+0200");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gefunden : user_pref("CT2269050.UserID", "UN75293547708824586");
Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "{edbce42a-7b3d-4ed2-83a2-af4ce181bf83}");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 15 2011 11:35:49 GMT+0100");
Gefunden : user_pref("aol_toolbar.surf.date", "8");
Gefunden : user_pref("aol_toolbar.surf.lastDate", "27");
Gefunden : user_pref("aol_toolbar.surf.lastMonth", "6");
Gefunden : user_pref("aol_toolbar.surf.lastYear", "2012");
Gefunden : user_pref("aol_toolbar.surf.month", "8");
Gefunden : user_pref("aol_toolbar.surf.prevMonth", "5");
Gefunden : user_pref("aol_toolbar.surf.total", "426");
Gefunden : user_pref("aol_toolbar.surf.week", "8");
Gefunden : user_pref("aol_toolbar.surf.year", "36");
Gefunden : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gefunden : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gefunden : user_pref("winamp_toolbar.guid", "{225AFBE5-921B-D3FA-E1E3-D9533A55DAA9}");
Gefunden : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");
Gefunden : user_pref("winamp_toolbar.metrics.activestampdate", "27");
Gefunden : user_pref("winamp_toolbar.metrics.activestampmonth", "6");
Gefunden : user_pref("winamp_toolbar.metrics.activestampyear", "2012");
Gefunden : user_pref("winamp_toolbar.metrics.originalDate", "15");
Gefunden : user_pref("winamp_toolbar.metrics.originalHours", "15");
Gefunden : user_pref("winamp_toolbar.metrics.originalMinutes", "35");
Gefunden : user_pref("winamp_toolbar.metrics.originalMonth", "2");
Gefunden : user_pref("winamp_toolbar.metrics.originalSeconds", "52");
Gefunden : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Gefunden : user_pref("winamp_toolbar.remote.publish.xml", "1343378766257");
Gefunden : user_pref("winamp_toolbar.search.cid", "22-06-2011");
Gefunden : user_pref("winamp_toolbar.search.instd", "20110622203055990");
Gefunden : user_pref("winamp_toolbar.search.oid", "15-02-2011");
Gefunden : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gefunden : user_pref("winamp_toolbar.search.searchtype", "web");
Gefunden : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Gefunden : user_pref("winamp_toolbar.skin.custom", true);
Gefunden : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Gefunden : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gefunden : user_pref("winamp_toolbar.winamp.appversion", "1");
Gefunden : user_pref("winamp_toolbar.winamp.artist", "");
Gefunden : user_pref("winamp_toolbar.winamp.button.focus", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.forward", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.open", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.pause", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.play", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.stop", false);
Gefunden : user_pref("winamp_toolbar.winamp.button.volume", true);
Gefunden : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Gefunden : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gefunden : user_pref("winamp_toolbar.winamp.title", "-999999");
Gefunden : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gefunden : user_pref("winamp_toolbar.winamp.tracktime", "-999999");

*************************

AdwCleaner[R1].txt - [22832 octets] - [31/08/2012 11:35:55]

########## EOF - C:\AdwCleaner[R1].txt - [22893 octets] ##########
         

31.08.2012, 11:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

02.09.2012, 17:56   #11
kicker

Code:
ATTFilter
 # AdwCleaner v2.000 - Datei am 09/02/2012 um 18:50:07 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Paul - PAUL-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LZD2VRN\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml
Ordner Gelöscht : C:\Program Files\Common Files\Software Update Utility
Ordner Gelöscht : C:\Program Files\Winamp Toolbar
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\Users\Paul\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\Paul\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\Conduit
Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\CT2269050
Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2857573
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\Software\Winamp Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v3.0.5 (de)

Profilname : default 
Datei : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\prefs.js

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "27-7-2012");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Fri Jul 27 2012 10:51:05 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 18:15:23 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jul 27 2012 10:46:03 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2269050.UserID", "UN75293547708824586");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Fri Jul 27 2012 10:46:05 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{edbce42a-7b3d-4ed2-83a2-af4ce181bf83}");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 15 2011 11:35:49 GMT+0100");
Gelöscht : user_pref("aol_toolbar.surf.date", "8");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "27");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "6");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Gelöscht : user_pref("aol_toolbar.surf.month", "8");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "5");
Gelöscht : user_pref("aol_toolbar.surf.total", "426");
Gelöscht : user_pref("aol_toolbar.surf.week", "8");
Gelöscht : user_pref("aol_toolbar.surf.year", "36");
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.guid", "{225AFBE5-921B-D3FA-E1E3-D9533A55DAA9}");
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "27");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "6");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2012");
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "15");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "15");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "35");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "2");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "52");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1343378766257");
Gelöscht : user_pref("winamp_toolbar.search.cid", "22-06-2011");
Gelöscht : user_pref("winamp_toolbar.search.instd", "20110622203055990");
Gelöscht : user_pref("winamp_toolbar.search.oid", "15-02-2011");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
Gelöscht : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Gelöscht : user_pref("winamp_toolbar.skin.custom", true);
Gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Gelöscht : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");

*************************

AdwCleaner[R1].txt - [22963 octets] - [31/08/2012 11:35:55]
AdwCleaner[S1].txt - [23338 octets] - [02/09/2012 18:50:07]

########## EOF - C:\AdwCleaner[S1].txt - [23399 octets] ##########
         

03.09.2012, 19:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create a new OTL log. Where possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If you already have it, replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box at the top centre next to Scanne alle Benutzer (Scan All Users)
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now close all programs. (Important)
  • Now click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

03.09.2012, 23:01   #13
kicker

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.09.2012 23:24:41 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,58% Memory free
4,94 Gb Paging File | 4,09 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): c:\pagefile.sys 3067 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 5,79 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,30% Space Free | Partition Type: NTFS
 
Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{194D1F7D-D3C6-4E1B-B7C1-84624B59EFB8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{31BF0651-1F24-43AB-A5DB-FABC6B267A47}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{A5F0A65B-B9AB-4350-A55D-EBFC9A91847C}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{8E5E79BA-3867-4D70-854D-103C2AAF3401}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{D2283D54-46A5-46CB-A32E-7C2F9A5685D1}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{E93636B0-BD1C-4068-A410-AA48E2234F1A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{150C58DD-54ED-4697-AAA5-16F037C9F7EF}" = Kane and Lynch Dead Men Demo
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F28E36-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne Demo
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.2.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{3D26D137-EA12-4D31-8326-226EA0A819A9}" = Moorhuhn Kart XL
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501BB464-E875-4E1E-9CF4-8C445DDAE01E}" = Tom Clancy's Splinter Cell Double Agent Demo
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{70D52D20-82A5-43CC-85C1-C994FA2EC591}" = Tom Clancy's Rainbow Six: Lockdown Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C8DECD-5948-F3DB-6B38-B7AF881647A6}" = ATI Catalyst Install Manager
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ASIO4ALL" = ASIO4ALL
"Aston Martin Screensaver" = Aston Martin Screensaver
"Aston Martin Vanquish V12 S Screensaver" = Aston Martin Vanquish V12 S Screensaver
"ATITool" = ATITool Overclocking Utility
"avast" = avast! Free Antivirus
"Clean Virus MSN_is1" = Clean Virus MSN
"Collab" = Collab
"Counter-Strike: Source" = Counter-Strike: Source
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driving Speed 2_is1" = Driving Speed 2.0
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FL Studio 7" = FL Studio 7
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"MAGIX Music Maker 2008 Producer Edition Trial D" = MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"myGamersCam" = myGamersCam 1.2
"Need For Speed II SE" = Need For Speed II SE
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Operation Flashpoint" = Operation Flashpoint (Uninstall via Start Menu shortcut)
"Ots CD Scratch 1200" = Ots CD Scratch 1200 1.00.044
"OtsTurntables Free" = OtsTurntables Free 1.00.027
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.111
"RealPlayer 15.0" = RealPlayer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"StationRipper" = StationRipper 2.87
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"tt2_demo_is1" = Terrorist Takedown 2 DEMO (1.01)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.08.2012 05:32:35 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xb00, Anwendungsstartzeit
 01cd875b8596f639.
 
Error - 01.09.2012 03:50:10 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xef0, Anwendungsstartzeit
 01cd881658bb8eb3.
 
Error - 01.09.2012 03:51:55 | Computer Name = Paul-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 5e8  Anfangszeit: 01cd88167e55a7f3  Zeitpunkt
 der Beendigung: 0
 
Error - 02.09.2012 12:41:18 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xd40, Anwendungsstartzeit
 01cd8929a67b2557.
 
Error - 02.09.2012 12:52:15 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf08, Anwendungsstartzeit
 01cd892b496610e5.
 
Error - 02.09.2012 16:45:50 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x435c6465,  Prozess-ID 0x20c, Anwendungsstartzeit
 01cd894b83cdcba5.
 
Error - 03.09.2012 04:39:34 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf9c, Anwendungsstartzeit
 01cd89af659d2211.
 
Error - 03.09.2012 10:34:55 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xe64, Anwendungsstartzeit
 01cd89e1319ffa67.
 
Error - 03.09.2012 11:27:26 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x01ad6200,  Prozess-ID 0xe98, Anwendungsstartzeit
 01cd89e89a9f62cb.
 
Error - 03.09.2012 17:14:48 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel
 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xe44, Anwendungsstartzeit
 01cd8a1920867f3e.
 
[ System Events ]
Error - 30.08.2012 18:39:44 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2012 05:33:30 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.09.2012 03:50:47 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.09.2012 12:41:41 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.09.2012 12:53:18 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.09.2012 16:30:14 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2012 04:38:56 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2012 10:35:30 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2012 11:28:24 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2012 17:15:40 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 04.09.2012, 13:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Why only the Extras? The other log is much more important.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 04.09.2012, 21:54   #15
kicker
 
Sorry, I misread that...

OTL Logfile:
Code:
OTL logfile created on: 03.09.2012 23:24:41 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,58% Memory free
4,94 Gb Paging File | 4,09 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): c:\pagefile.sys 3067 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 5,79 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,30% Space Free | Partition Type: NTFS
 
Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.03 23:23:37 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.15 11:41:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.29 16:55:56 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.04.04 15:05:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\562B.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.04.04 15:05:54 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.10.10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071221
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - No CLSID value found
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.15 20:28:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.08.21 21:15:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.15 11:45:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 18:50:13 | 000,000,000 | ---D | M]
 
[2008.11.08 21:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2012.09.02 18:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions
[2009.11.21 09:31:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.02 00:53:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.27 20:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.21 21:15:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.15 20:28:57 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V13IL3TT.DEFAULT\EXTENSIONS\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
File not found (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V13IL3TT.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[2012.06.15 11:42:37 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.01.01 16:58:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F9C9205408D9F59EAA745678E7F76607.icc_euro?RT=1337443640288" File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6493CB48-7F85-46D7-AE1F-8F60556E23B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA9BFC4-8DE8-4444-8520-41FCAFD46533}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\AutoRun\command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\explore\Command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\open\Command - "" = gjn2pjlw.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: 24085153.sys - Driver
SafeBootMin: 48571756.sys - Driver
SafeBootMin: 65557285.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: 24085153.sys - Driver
SafeBootNet: 48571756.sys - Driver
SafeBootNet: 65557285.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.03 23:23:32 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.08.19 18:34:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.08.16 14:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.16 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012.08.16 12:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.15 21:44:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Winamp
[2012.08.15 19:03:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Dateien Umzug
[2012.08.15 10:19:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\AV
[2012.08.15 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.14 23:11:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.12 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.03.26 07:48:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Paul\mbam-setup.exe
[2010.03.26 00:48:02 | 058,172,520 | ---- | C] (Kaspersky Lab) -- C:\Users\Paul\kav9.0.0.459DE.exe
[2010.03.26 00:38:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paul\HJTInstall.exe
[2010.03.26 00:20:04 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Paul\windows-kb890830-v3.5.exe
[2009.10.15 17:11:07 | 021,128,536 | ---- | C] (DivX, Inc.) -- C:\Users\Paul\DivXInstaller72.exe
[2009.08.27 20:20:30 | 001,875,076 | ---- | C] (Password Recovery Magic Studio Ltd.                         ) -- C:\Users\Paul\RAR-Password-Recovery-Magic.exe
[2009.07.01 14:39:57 | 077,690,152 | ---- | C] (Apple Inc.) -- C:\Users\Paul\iTunesSetup.exe
[2007.12.29 19:21:46 | 044,575,761 | ---- | C] (Phenomedia AG                                               ) -- C:\Program Files\Setup_Moorhuhn_Kart_XL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.03 23:23:37 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.09.03 23:14:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 23:14:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 23:13:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 19:06:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.26 14:34:23 | 000,308,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.26 14:34:23 | 000,210,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.26 14:34:23 | 000,061,620 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.26 14:34:23 | 000,038,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.21 21:23:06 | 000,000,005 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mbam.context.scan
[2012.08.21 21:15:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.15 21:44:59 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.08.15 20:55:18 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.15 20:51:17 | 000,338,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.15 20:32:16 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.15 09:26:16 | 000,000,000 | ---- | M] () -- C:\Users\Paul\defogger_reenable
[2012.08.12 01:04:15 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.09 12:55:36 | 000,002,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.21 21:23:06 | 000,000,005 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\mbam.context.scan
[2012.08.15 21:44:59 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.08.15 20:32:16 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.15 09:26:16 | 000,000,000 | ---- | C] () -- C:\Users\Paul\defogger_reenable
[2012.08.14 22:36:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 01:04:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.18 13:50:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.18 13:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.18 13:49:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.02 17:41:30 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.01.02 17:41:26 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011.01.02 17:41:26 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.02 17:41:26 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.02 17:41:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.02 17:32:27 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010.08.25 11:15:06 | 000,221,584 | ---- | C] () -- C:\Users\Paul\controller.pdf
[2010.08.08 18:49:20 | 077,796,050 | ---- | C] () -- C:\Users\Paul\gameskeebrake.zip
[2010.07.11 10:14:25 | 003,364,153 | ---- | C] () -- C:\Users\Paul\Upside_(feat._Michelle_Breeze).mp3
[2010.06.02 01:34:57 | 057,817,611 | ---- | C] () -- C:\Users\Paul\Kano_-_Kano_Mixtape.rar
[2010.06.02 00:28:59 | 068,414,451 | ---- | C] () -- C:\Users\Paul\Kano_-_Beats_And_Bars__2005___www.beatboxradioshow.blogspot.com_.rar
[2010.06.01 23:48:36 | 056,687,361 | ---- | C] () -- C:\Users\Paul\Kano-Beats_&_Bars_(2005).zip
[2010.05.29 17:19:04 | 010,871,495 | ---- | C] () -- C:\Users\Paul\Usher_-_OMG_(Feat._Will.I.Am).mp3
[2010.05.13 12:46:05 | 006,469,101 | ---- | C] () -- C:\Users\Paul\Justin_Timberlake_-_Rock_Your_Body.mp3
[2010.05.13 12:25:33 | 003,966,046 | ---- | C] () -- C:\Users\Paul\three 6 mafia feat. tiesto, sean kingston & flo rida - feel it.mp3.mp3
[2010.05.13 12:17:21 | 007,670,478 | ---- | C] () -- C:\Users\Paul\10__Dizzee_Rascal_-_Holiday_[Ft._Chrome].mp3
[2010.05.08 19:26:30 | 007,946,244 | ---- | C] () -- C:\Users\Paul\Surkin_-_Radio_Fireworks_(Riot_In_Belgium_Second_Remix).mp3
[2010.05.08 18:56:11 | 004,235,328 | ---- | C] () -- C:\Users\Paul\Bob_Marley_Vs._Funkstar_Deluxe_-_Sun_Is_Shining.mp3
[2010.04.04 21:44:24 | 000,017,089 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\UserTile.png
[2010.03.25 23:55:29 | 004,103,298 | ---- | C] () -- C:\Users\Paul\cleanvirusmsn.zip
[2010.03.19 18:00:00 | 008,655,505 | ---- | C] () -- C:\Users\Paul\11 Pursuit Of Happiness.mp3
[2010.03.19 18:00:00 | 008,035,880 | ---- | C] () -- C:\Users\Paul\08 Back Home.mp3
[2010.03.19 18:00:00 | 005,467,521 | ---- | C] () -- C:\Users\Paul\09 Kinda Like A Big Deal (KA Freestyle).mp3
[2010.03.19 18:00:00 | 005,063,145 | ---- | C] () -- C:\Users\Paul\10 Kano In The House (Pon De Floor).mp3
[2010.03.19 17:59:59 | 007,281,464 | ---- | C] () -- C:\Users\Paul\07 Chip Roll, Sausage In Batter.mp3
[2010.03.19 17:59:58 | 009,437,088 | ---- | C] () -- C:\Users\Paul\05 Game Over.mp3
[2010.03.19 17:59:58 | 008,561,464 | ---- | C] () -- C:\Users\Paul\04 Pass Out (KA Freestyle).mp3
[2010.03.19 17:59:58 | 007,593,888 | ---- | C] () -- C:\Users\Paul\03 Track Burglar.mp3
[2010.03.19 17:59:58 | 006,496,745 | ---- | C] () -- C:\Users\Paul\06 Rude Boy.mp3
[2010.03.19 17:59:57 | 008,962,705 | ---- | C] () -- C:\Users\Paul\02 You Are Young.mp3
[2010.03.19 17:59:57 | 000,806,231 | ---- | C] () -- C:\Users\Paul\01 Intro.mp3
[2010.03.19 17:59:05 | 076,615,102 | ---- | C] () -- C:\Users\Paul\Jack Bauer- The 7 Day Edition (www.kanosworld.com).zip
[2010.02.21 14:42:23 | 001,579,618 | ---- | C] () -- C:\Users\Paul\img004.jpg
[2010.01.07 17:45:56 | 000,953,919 | ---- | C] () -- C:\Users\Paul\Apple Store - Deutschland.mht
[2010.01.07 17:45:34 | 000,190,335 | ---- | C] () -- C:\Users\Paul\Sparkasse Krefeld - Ihr persönliches Finanzportal - Ihr Auftrag.mht
[2010.01.06 02:05:19 | 001,901,794 | ---- | C] () -- C:\Users\Paul\02 chase the sun.mp3
[2010.01.06 02:00:58 | 007,686,773 | ---- | C] () -- C:\Users\Paul\Planet_Funk_-_Chase_the_Sun.mp3
[2010.01.05 17:31:36 | 006,513,216 | ---- | C] () -- C:\Users\Paul\Nikkfurie_-_The_A_La_Menthe_Extended.mp3
[2009.12.26 15:43:05 | 007,989,158 | ---- | C] () -- C:\Users\Paul\-_Akon_ft_David_Guetta_-_Sexy_Bitch.mp3
[2009.10.11 10:59:48 | 005,556,136 | ---- | C] () -- C:\Users\Paul\Plane9.exe
[2009.08.28 15:19:31 | 010,351,542 | ---- | C] () -- C:\Users\Paul\Jay-Z_-_Death_of_Autotune.mp3
[2009.08.27 20:14:21 | 003,449,769 | ---- | C] () -- C:\Users\Paul\-_Planet_Funk_-_Chase_The_Sun.rar
[2009.07.02 19:53:14 | 099,423,964 | ---- | C] () -- C:\Users\Paul\34082008.rar
[2009.07.02 16:27:56 | 006,393,388 | ---- | C] () -- C:\Users\Paul\myGamersCam_Setup.zip
[2009.06.05 13:37:36 | 015,350,784 | ---- | C] () -- C:\Users\Paul\AppleMobileDeviceSupport.msi
[2009.06.03 15:09:15 | 000,041,838 | ---- | C] () -- C:\Users\Paul\John_Brown_-_Suburban_Empire_(Hosted_By_Superstar_Jay)-2009-MIXFIEND.torrent
[2009.05.22 19:27:18 | 004,329,056 | ---- | C] () -- C:\Users\Paul\DJ_Size_feat._J._Lourenzo___Big_Steve_-_Sunglasses.mp3
[2009.05.15 16:06:32 | 005,824,446 | ---- | C] () -- C:\Users\Paul\She's Glowing (Remix).mp3
[2009.03.31 19:22:03 | 000,463,360 | ---- | C] () -- C:\Users\Paul\Magischer+Kater+3.pps
[2008.08.12 15:07:44 | 000,022,328 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
[2008.01.05 18:30:08 | 000,222,269 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\NMM-MetaData.db
[2007.12.29 19:21:48 | 003,108,049 | ---- | C] () -- C:\Program Files\The Beatles - Come Together.mp3
[2007.12.29 19:21:48 | 000,086,791 | ---- | C] () -- C:\Program Files\575m_rot_front.zip
[2007.12.29 19:21:48 | 000,062,874 | ---- | C] () -- C:\Program Files\575m_blau_dreiviertelfront.zip
[2007.12.29 19:21:48 | 000,062,613 | ---- | C] () -- C:\Program Files\575m_blau_heck.zip
[2007.12.29 19:21:48 | 000,057,566 | ---- | C] () -- C:\Program Files\575m_blau_top.zip
[2007.12.29 19:21:48 | 000,053,648 | ---- | C] () -- C:\Program Files\575m_rot_seite.zip
[2007.12.29 19:21:46 | 005,316,116 | ---- | C] () -- C:\Program Files\Forsaken_Part2.zip
[2007.12.29 19:21:46 | 003,060,864 | ---- | C] () -- C:\Program Files\Infamous.mp3
[2007.12.29 19:21:46 | 002,927,388 | ---- | C] () -- C:\Program Files\Infamous.zip
[2007.12.28 23:01:19 | 000,002,912 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2007.12.28 21:13:39 | 000,000,552 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d8caps.dat
[2007.12.28 20:59:41 | 000,061,440 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 20:49:52 | 000,001,356 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010.06.02 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar
[2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6
[2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr
[2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9
[2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2012.09.03 19:06:57 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.12.23 16:18:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Ubisoft
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.08 21:13:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Adobe
[2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010.10.29 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2007.12.28 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ATI
[2008.03.12 15:51:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CyberLink
[2009.10.18 01:15:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DivX
[2010.06.02 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2007.12.28 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Google
[2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar
[2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6
[2007.12.28 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Identities
[2008.01.02 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\InstallShield
[2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2007.12.29 17:36:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macromedia
[2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2010.03.26 07:50:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Center Programs
[2011.01.02 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Player Classic
[2010.12.10 23:33:31 | 000,000,000 | --SD | M] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2008.11.08 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr
[2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9
[2012.06.15 11:49:21 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Real
[2009.07.31 13:05:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Roxio
[2008.12.23 16:18:08 | 000,000,000 | RH-D | M] -- C:\Users\Paul\AppData\Roaming\SecuROM
[2012.08.12 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Skype
[2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2012.08.15 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Winamp
[2008.02.29 15:05:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.02.29 15:15:07 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Users\Paul\AppData\Roaming\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2009.07.29 13:42:18 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Paul\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2008.12.23 16:17:03 | 000,010,134 | R--- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2011.05.26 01:05:01 | 051,021,472 | ---- | M] (Dell Inc) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5830_10_32_01.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\09f4528d-d7f8-4941-a47b-59fdf84eb12d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\0ca64426-db4d-432a-bd67-aff9107d64cf\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\1594939f-1d82-48a1-a923-1fdd5cf0022f\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\2910aba0-f040-4b76-9f5d-c6345edbcdb3\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\41e3569a-0811-4773-baae-cc43e0a96dbe\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\49317d67-e09e-4ece-8a85-4c6f3e247dd9\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\537f2034-8d80-4ce9-80aa-b8e413fb2c36\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\79ec2210-4aa0-43d5-ad9c-bdd97e016ca7\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\83e38759-ce3b-446d-bc03-c79a822f3bad\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\cc3cd55a-fe6b-4f2f-b318-debd0e98f771\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\e5c5ca82-8ed7-49ce-8a72-974316b62bdc\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\fee9f468-4bd6-4640-90ec-d068b0fecf22\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.02.28 15:20:53 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.06.01 22:19:01 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.09.20 22:34:25 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2011.01.27 01:34:02 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2012.06.07 19:05:34 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2012.05.28 00:01:22 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe
[2012.05.28 00:00:32 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.12.19 23:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.12.21 05:41:22 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2007.12.21 05:40:53 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007.12.21 05:40:53 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007.12.21 05:41:22 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.12.21 05:41:22 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.21 05:46:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.12.21 05:46:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Battlefield 2 Demo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Desktop\Installationsdateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Nokia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Netscape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Codemasters:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\City Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Activision:Roxio EMC Stream
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---
