Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum 3.6.1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.09.2012, 08:55   #1
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Moin,

gestern Abend hat sich auf meinem Rechner Live Security Platinum 3.6.1 gemeldet und erst einmal alles lahmgelegt. (Übrigens kurz nachdem sich Adobe Flash Player als Update gemeldet hatte und ich die Installation durchführen lies...). Nachdem ich den Inhalt des Ordners, auf den die Verknüpfung von LSP auf meinem Desktop verwiesen hatte, gelöscht und die *.exe umbenannt hatte, funktionierte das System scheinbar wieder.

Habe dann als Admin Scans mit Malwarebytes, OTL und GMER durchgeführt. Hier nun die Logfiles:

Malwarebytes

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Boludo :: BOLUDO-PC [Administrator]

01.09.2012 22:22:04
mbam-log-2012-09-01 (22-22-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369910
Laufzeit: 1 Stunde(n), 29 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2555909198-2805718332-2460936450-1000\$30ad3e590ec1993ed8708247cc2bc33a\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\n (Trojan.Siredef) -> Löschen bei Neustart.
C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2555909198-2805718332-2460936450-1000\$30ad3e590ec1993ed8708247cc2bc33a\n (Trojan.Siredef) -> Löschen bei Neustart.
C:\Program Files\pdfsam\pdfsam-starter.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boludo\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL

Code:
ATTFilter
OTL logfile created on: 02.09.2012 08:23:34 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,91% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,26 Gb Free Space | 7,41% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,42 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
 
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
PRC - [2012.08.09 08:43:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.11 16:48:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.04.22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 06:57:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.14 06:47:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 06:46:52 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.30 11:24:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4)
DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 11:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 07:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011
 
[2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions
[2012.08.27 08:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions
[2012.08.27 08:37:16 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com
[2012.06.14 20:25:50 | 000,000,925 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\conduit.xml
[2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml
[2012.06.17 07:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.15 07:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.15 07:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI
[2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2009.11.20 12:27:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 11:24:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 11:24:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.10 21:44:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.02 07:57:08 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
[2012.08.04 19:20:25 | 000,000,000 | ---D | C] -- C:\Users\Boludo\Desktop\Barthstraße 23
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
[2012.09.02 07:52:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.09.02 07:52:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 07:52:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.02 07:51:45 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.02 07:50:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.01 21:52:08 | 000,018,432 | ---- | M] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.01 19:29:47 | 000,010,276 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben September.ods
[2012.08.31 20:56:55 | 000,014,887 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben August.ods
[2012.08.31 11:13:46 | 000,017,101 | ---- | M] () -- C:\Users\Boludo\Desktop\Arztrechnungen.ods
[2012.08.31 09:10:45 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.29 09:52:20 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat
[2012.08.28 07:12:54 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.08.15 07:34:58 | 000,352,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.09 19:37:33 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.09 19:37:33 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.09 19:37:33 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.09 19:37:33 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.06 20:36:48 | 000,000,699 | ---- | M] () -- C:\Windows\wiso.ini
 
========== Files Created - No Company Name ==========
 
[2012.08.31 09:10:47 | 000,010,276 | ---- | C] () -- C:\Users\Boludo\Desktop\Ausgaben September.ods
[2012.08.08 19:35:43 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat
[2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.04.18 18:29:23 | 000,000,680 | ---- | C] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat
[2010.01.16 14:36:39 | 000,034,923 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\mdbu.bin
[2009.11.22 17:43:57 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.22 17:40:22 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.22 00:41:26 | 000,018,432 | ---- | C] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer
[2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console
[2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft
[2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service
[2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon
[2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter
[2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX
[2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView
[2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech
[2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz
[2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia
[2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite
[2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite
[2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org
[2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite
[2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics
[2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent
[2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity
[2012.09.02 07:50:48 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras

Code:
ATTFilter
OTL Extras logfile created on: 02.09.2012 08:23:34 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,91% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,26 Gb Free Space | 7,41% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,42 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
 
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AceBackup] -- "C:\Program Files\AceBIT\AceBackup 3\AceBackup.exe" -as "%1" (AceBIT)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}" = AceBackup 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9F70E36A-8C0F-4069-9C81-9708E46E6F5E}" = O&O PartitionManager Professional
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"DirSync" = DirSync  2.93
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Fotoservice" = Fotoservice
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"GridVista" = Acer GridVista
"InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5.5
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"MyCamera" = Canon Utilities MyCamera
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Suite" = Nokia Suite
"NTI Open File Manager" = NTI Open File Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"pdfsam" = pdfsam
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Saturn Fotoservice" = Saturn Fotoservice
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.09.2012 15:23:57 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.09.2012 15:27:55 | Computer Name = Boludo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1460  Anfangszeit: 01cd8877cf1c1573  Zeitpunkt
 der Beendigung: 202
 
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.09.2012 20:51:38 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.09.2012 20:51:39 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7218291
 
Error - 01.09.2012 20:51:39 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7218291
 
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17129222
 
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17129222
 
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 05.04.2012 14:31:30 | Computer Name = Boludo-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 01.09.2012 15:23:58 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 01.09.2012 15:23:58 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 01.09.2012 15:30:08 | Computer Name = Boludo-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 02.09.2012 01:51:45 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
GMER

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-02 09:42:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: e1rvr27y.exe; Driver: C:\Users\Boludo\AppData\Local\Temp\pfriipog.sys


---- System - GMER 1.0.15 ----

SSDT            8CA61636                                                                                                             ZwCreateSection
SSDT            8CA61640                                                                                                             ZwRequestWaitReplyPort
SSDT            8CA6163B                                                                                                             ZwSetContextThread
SSDT            8CA61645                                                                                                             ZwSetSecurityObject
SSDT            8CA6164A                                                                                                             ZwSystemDebugControl
SSDT            8CA615D7                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                        822E48D8 4 Bytes  [36, 16, A6, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                        822E4BFC 4 Bytes  [40, 16, A6, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                        822E4C30 4 Bytes  [3B, 16, A6, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                        822E4C94 4 Bytes  [45, 16, A6, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                        822E4CDC 4 Bytes  [4A, 16, A6, 8C]
.text           ...                                                                                                                  
?               System32\drivers\rxgqhbs.sys                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x8E800340, 0x3D50E7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!GetWindowInfo                                 767F428E 5 Bytes  JMP 626FF66F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!SetMenuItemBitmaps + 71                       768014EE 7 Bytes  JMP 626FFCA8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5396] ntdll.dll!LdrLoadDll                                              77439378 5 Bytes  JMP 625A6C40 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!HeapSetInformation + 26                              771AA8C0 7 Bytes  JMP 625AFE71 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!LockResource + C                                     771C6B0B 7 Bytes  JMP 627E2D9C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!VirtualAllocEx + 54                                  771CAF70 7 Bytes  JMP 627E2DBF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5396] GDI32.dll!SetStretchBltMode + 256                                 76B6745C 7 Bytes  JMP 627E2D1D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateFile + 6               7747424A 4 Bytes  [28, 00, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateFile + B               7747424F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateKey + 6                7747428A 4 Bytes  [68, 01, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateKey + B                7747428F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateMutant + 6             774742BA 4 Bytes  [28, 02, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateMutant + B             774742BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateSection + 6            7747433A 4 Bytes  [68, 02, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateSection + B            7747433F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtMapViewOfSection + 6         7747499A 4 Bytes  [A8, 04, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtMapViewOfSection + B         7747499F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenFile + 6                 77474A2A 4 Bytes  [68, 00, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenFile + B                 77474A2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenKey + 6                  77474A5A 4 Bytes  [A8, 01, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenKey + B                  77474A5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenMutant + B               77474A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + 6              77474AAA 1 Byte  [28]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + 6              77474AAA 4 Bytes  [28, 03, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + B              77474AAF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + 6         77474ABA 1 Byte  [68]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + 6         77474ABA 4 Bytes  [68, 03, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + B         77474ABF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessTokenEx + 6       77474ACA 4 Bytes  [28, 04, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessTokenEx + B       77474ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenSection + 6              77474ADA 4 Bytes  [A8, 02, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenSection + B              77474ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThread + B               77474B1F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadToken + 6          77474B2A 1 Byte  [E8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadToken + B          77474B2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadTokenEx + 6        77474B3A 4 Bytes  [68, 04, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadTokenEx + B        77474B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryAttributesFile + 6      77474BCA 4 Bytes  [A8, 00, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryAttributesFile + B      77474BCF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryFullAttributesFile + B  77474C7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationFile + 6       7747515A 4 Bytes  [28, 01, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationFile + B       7747515F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + 6     774751AA 1 Byte  [A8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + 6     774751AA 4 Bytes  [A8, 03, 16, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + B     774751AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtUnmapViewOfSection + B       7747544F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateProcessW              77181BF3 5 Bytes  JMP 000100B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateProcessA              77181C28 5 Bytes  JMP 000100F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!OpenEventW                  7719C033 5 Bytes  JMP 00010070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateEventW                771CB87E 5 Bytes  JMP 00010030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!DeleteObject                   76B65A37 5 Bytes  JMP 001801B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetDeviceCaps                  76B6617F 5 Bytes  JMP 001803B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectObject                   76B662A0 5 Bytes  JMP 001805F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetTextColor                   76B6666B 5 Bytes  JMP 001809F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetBkMode                      76B66716 5 Bytes  JMP 001808B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!DeleteDC                       76B668CD 5 Bytes  JMP 00180170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetCurrentObject               76B66B58 5 Bytes  JMP 00180370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetStretchBltMode              76B67206 5 Bytes  JMP 00180670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SaveDC                         76B675BA 5 Bytes  JMP 00180570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!RestoreDC                      76B67675 5 Bytes  JMP 00180530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StretchDIBits                  76B678CF 5 Bytes  JMP 00180730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtSelectClipRgn               76B679F8 5 Bytes  JMP 001802F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectClipRgn                  76B67AF9 5 Bytes  JMP 001805B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!MoveToEx                       76B67C33 5 Bytes  JMP 00180470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!Rectangle                      76B67EA9 5 Bytes  JMP 00180970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextAlign                   76B682E0 5 Bytes  JMP 00180D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetTextAlign                   76B685CB 5 Bytes  JMP 001809B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtTextOutW                    76B6872B 5 Bytes  JMP 00180930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextMetricsW                76B68A81 5 Bytes  JMP 00180DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!IntersectClipRect              76B68B64 5 Bytes  JMP 001803F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetClipBox                     76B69071 5 Bytes  JMP 00180330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetICMMode                     76B694E7 5 Bytes  JMP 00180D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateDCW                      76B6A91D 5 Bytes  JMP 001800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateDCA                      76B6AA49 5 Bytes  JMP 001800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateICW                      76B6B2E9 5 Bytes  JMP 00180130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextFaceW                   76B6B637 5 Bytes  JMP 00180CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetFontData                    76B6BA6C 5 Bytes  JMP 00180C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextExtentPoint32W          76B6C01A 5 Bytes  JMP 00180630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetWorldTransform              76B6C46A 5 Bytes  JMP 001806B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!LineTo                         76B6C65E 5 Bytes  JMP 00180430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextMetricsA                76B6CCEB 5 Bytes  JMP 00180DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtTextOutA                    76B700A5 5 Bytes  JMP 001808F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtEscape                      76B722A7 5 Bytes  JMP 001802B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!Escape                         76B727F1 5 Bytes  JMP 00180270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ResetDCW                       76B73132 5 Bytes  JMP 00180A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndPage                        76B7375E 5 Bytes  JMP 00180230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetPolyFillMode                76B761D3 5 Bytes  JMP 00180AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetMiterLimit                  76B762E2 5 Bytes  JMP 00180B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextFaceA                   76B7F4C5 5 Bytes  JMP 00180CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetGlyphOutlineW               76B8A41F 5 Bytes  JMP 00180C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateScalableFontResourceW    76B8C88B 5 Bytes  JMP 00180B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!AddFontResourceW               76B8CC93 5 Bytes  JMP 00180BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!RemoveFontResourceW            76B8D129 5 Bytes  JMP 00180BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!AbortDoc                       76B92CC4 5 Bytes  JMP 00180030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndDoc                         76B930D8 5 Bytes  JMP 001801F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StartPage                      76B931C3 5 Bytes  JMP 001806F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StartDocW                      76B93CA7 5 Bytes  JMP 001807B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!BeginPath                      76B94465 5 Bytes  JMP 001807F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectClipPath                 76B944BC 5 Bytes  JMP 00180AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CloseFigure                    76B94517 5 Bytes  JMP 00180070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndPath                        76B9456E 5 Bytes  JMP 00180A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StrokePath                     76B947A0 5 Bytes  JMP 00180770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!FillPath                       76B9482C 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!FillPath                       76B9482C 5 Bytes  JMP 00180830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolylineTo                     76B94C95 5 Bytes  JMP 001804F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolyBezierTo                   76B94D25 5 Bytes  JMP 001804B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolyDraw                       76B94DD6 5 Bytes  JMP 00180870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetCursor                     767ED37D 5 Bytes  JMP 00190530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatW      767ED6AC 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatW      767ED6AC 5 Bytes  JMP 001902B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ActivateKeyboardLayout        767F478C 5 Bytes  JMP 001904F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!IsWindowVisible               767F878A 7 Bytes  JMP 001906B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MonitorFromWindow             767F88D4 4 Bytes  JMP 00190630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MonitorFromWindow + 5         767F88D9 2 Bytes  [CC, CC] {INT 3 ; INT 3 }
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ScreenToClient                767F8C56 7 Bytes  JMP 00190670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClientRect                 767F8F0D 7 Bytes  JMP 001905B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetParent                     767F90AA 7 Bytes  JMP 001906F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatA      767FA111 5 Bytes  JMP 001902F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!PostMessageW                  767FA175 5 Bytes  JMP 001905F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MapWindowPoints               767FA30D 5 Bytes  JMP 00190570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardFormatNameA       767FA552 5 Bytes  JMP 00190270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetOpenClipboardWindow        768026A6 5 Bytes  JMP 001903F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetClipboardViewer            7680BA2D 5 Bytes  JMP 001904B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!IsClipboardFormatAvailable    7680C2E3 5 Bytes  JMP 001900F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!CloseClipboard                7680C2F7 5 Bytes  JMP 001900B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!OpenClipboard                 7680C31D 5 Bytes  JMP 00190070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetTopWindow                  7680CE0A 7 Bytes  JMP 00190730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardSequenceNumber    7680D8B7 5 Bytes  JMP 00190330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ChangeClipboardChain          7680DF83 5 Bytes  JMP 00190430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!CountClipboardFormats         76810048 5 Bytes  JMP 001901F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardOwner             768126EF 5 Bytes  JMP 00190370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetClipboardData              76826410 5 Bytes  JMP 00190170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!EnumClipboardFormats          76826D16 5 Bytes  JMP 001901B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetCursorPos                  76826FB2 5 Bytes  JMP 00190770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardData              7682715A 5 Bytes  JMP 00190030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardFormatNameW       7682A99F 5 Bytes  JMP 00190230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!EmptyClipboard                7684398B 5 Bytes  JMP 00190130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardViewer            768439ED 5 Bytes  JMP 00190470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetPriorityClipboardFormat    76843AEF 5 Bytes  JMP 001903B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleGetClipboard                769274C9 5 Bytes  JMP 001A00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleSetClipboard                769511E3 5 Bytes  JMP 001A0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleIsCurrentClipboard          7695A8F9 5 Bytes  JMP 001A0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!FreeContextBuffer            75962D83 5 Bytes  JMP 002C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!DeleteSecurityContext        75962F18 5 Bytes  JMP 002C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!FreeCredentialsHandle        75963598 5 Bytes  JMP 002C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!EncryptMessage               75963745 5 Bytes  JMP 002C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!DecryptMessage               75963813 5 Bytes  JMP 002C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!InitializeSecurityContextA   759687DF 5 Bytes  JMP 002C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!AcquireCredentialsHandleA    75968A43 5 Bytes  JMP 002C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!QueryContextAttributesA      75968E77 5 Bytes  JMP 002C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!ApplyControlToken            7596DE4F 5 Bytes  JMP 002C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!QueryCredentialsAttributesA  7596E052 5 Bytes  JMP 002C00B0 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec4348                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec4348 (not active ControlSet)                      
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOPM02.00.00.01PRO                                             D4A20DAD5868B6041F04324742A5C08A4AA057E0733C7E4C1DDFA45CC1C941D4674BF258D6B8800A9109D0A2DEC8CD5CDFEC54BDF821889B189644EF887B7147759D09E7C5D7030263D371F0AB431E839090CAB02DAF89AECE10BF7BBE58BC9CC5E410B933BB7857EF7015D65A9D3B06ED769747841FF8C2A53BEF16C06A24ECB3AD7E8AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452C038D530D6EB34529DB7CE019D40AA5C80ABBC8B1D9C3EF8987473BA6BA15654E4CBE3AEE6BAB6D9675FC46044E9E6C0A7A78D5E861D47FEF8887DA770D2876F1307FC96BFE0E9027914C65B44C0D801B65E65853D6ACB60613C009E07C77824F6A3F658A2B0DACF04A8CFC0FE770B689C1D72939D8CDB8AA433B50D8329D48868B2B85A768EF32204C195140FD5C2C19E3BD7441CCA3CCF6E12CC054C60FE1A174C1E2AB7A852404D874078A7687DB9D10FAAF53C326667B9826A3FDD9A0CB6830BF875F6EB4A5186A5EC370D7E68632577F4299A16856C57B1A316C4C9C6A1848C0B92580BE0E02A4CAD3D98ADE832D5D3350565887A5B6CD10408A7A5AB0343740D77937F5260862C869B37CC1701F8885D53DCE4DA9871998AB7BB28ECE5BCE82CC175028B24408070076BF8BB0C76FE528159C6EDE834C02BE

---- EOF - GMER 1.0.15 ----
         


Bin ich den Plagegeist nun los oder soll ich noch weitere Scans durchführen?

Ach so: Der normale Windows-Modus funktioniert scheinbar einwandfrei und leere Ordner sind im Startmenü nicht vorhanden, vermisst wird auch nichts.

Vielen Dank vorab & Gruß
Boludo

Geändert von Boludo (02.09.2012 um 08:58 Uhr) Grund: Ergänzung

Alt 03.09.2012, 12:49   #2
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________

__________________

Alt 03.09.2012, 16:00   #3
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Hallo Daniel,

gesagt getan! Anbei das Logfile:

Code:
ATTFilter
ComboFix 12-09-03.06 - Boludo 03.09.2012  16:31:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1866 [GMT 2:00]
ausgeführt von:: c:\users\Boludo\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-03 bis 2012-09-03  ))))))))))))))))))))))))))))))
.
.
2012-09-03 14:45 . 2012-09-03 14:50	--------	d-----w-	c:\users\Boludo\AppData\Local\temp
2012-09-03 14:45 . 2012-09-03 14:45	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-03 14:45 . 2012-09-03 14:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-03 14:45 . 2012-09-03 14:45	--------	d-----w-	c:\users\Catja Mobil\AppData\Local\temp
2012-09-01 03:56 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED14920F-8513-4F40-BB4E-E1331C422AC2}\mpengine.dll
2012-08-30 09:24 . 2012-08-30 09:24	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-15 05:05 . 2012-06-29 00:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-14 18:57 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:11 . 2012-06-07 05:30	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:11 . 2011-05-24 04:45	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-06-02 09:04	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
2012-06-15 05:13 . 2012-06-15 05:13	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-15 05:13 . 2010-06-15 05:53	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 04:54	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 04:54	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-08-30 09:24 . 2012-06-17 05:59	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2009-09-22 33024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-29 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-03 16:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3828)
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-03  16:55:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-03 14:55
.
Vor Suchlauf: 8.961.388.544 Bytes frei
Nach Suchlauf: 9.626.333.184 Bytes frei
.
- - End Of File - - 7107B1425AFDB8F3DE329B5CF22263C4
         
Vielen Dank & Gruß
Micha
__________________

Alt 03.09.2012, 16:17   #4
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:
ATTFilter
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
FireFox::
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
ClearJavaCache::
         
Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:
  • Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.


  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.




Downloade dir bitte Farbar's Service Scanner
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.09.2012, 17:30   #5
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Combo Fix:

Code:
ATTFilter
ComboFix 12-09-03.06 - Boludo 03.09.2012  17:38:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1955 [GMT 2:00]
ausgeführt von:: c:\users\Boludo\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Boludo\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-03 bis 2012-09-03  ))))))))))))))))))))))))))))))
.
.
2012-09-03 16:06 . 2012-09-03 16:10	--------	d-----w-	c:\users\Boludo\AppData\Local\temp
2012-09-03 16:06 . 2012-09-03 16:06	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-03 16:06 . 2012-09-03 16:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-03 16:06 . 2012-09-03 16:06	--------	d-----w-	c:\users\Catja Mobil\AppData\Local\temp
2012-09-01 03:56 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED14920F-8513-4F40-BB4E-E1331C422AC2}\mpengine.dll
2012-08-30 09:24 . 2012-08-30 09:24	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-15 05:05 . 2012-06-29 00:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-14 18:57 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:11 . 2012-06-07 05:30	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:11 . 2011-05-24 04:45	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-06-02 09:04	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
2012-06-15 05:13 . 2012-06-15 05:13	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-15 05:13 . 2010-06-15 05:53	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 04:54	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 04:54	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-08-30 09:24 . 2012-06-17 05:59	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2009-09-22 33024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-29 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.search.selectedEngine - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-03 18:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2112)
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-03  18:15:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-03 16:14
ComboFix2.txt  2012-09-03 14:55
.
Vor Suchlauf: 9.659.248.640 Bytes frei
Nach Suchlauf: 9.627.549.696 Bytes frei
.
- - End Of File - - D5BB24BDB16C7FF72360ABB23EE54408
         
Farbar's:

Code:
ATTFilter
Farbar Service Scanner Version: 06-08-2012
Ran by Boludo (administrator) on 03-09-2012 at 18:27:40
Running from "C:\Users\Boludo\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
Dank & Gruß
Micha


Alt 03.09.2012, 17:59   #6
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Downloade dir bitte ServiceRepair.exe auf deinem Desktop.
Doppelklick auf die Datei und bestätige die ersten Nachricht mit Yes.
Das Tool wird einen Neustart verlangen, dies bitte zulassen.



Starte bitte FSS.exe erneut und klicke auf den Scan Button. Poste die FSS.txt bitte hier und berichte, wie der Rechner läuft.
__________________
--> Live Security Platinum 3.6.1

Alt 03.09.2012, 18:34   #7
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



FSS Log:

Code:
ATTFilter
Farbar Service Scanner Version: 06-08-2012
Ran by Boludo (administrator) on 03-09-2012 at 19:32:23
Running from "C:\Users\Boludo\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
Der Rechner läuft normal, keine ersichtlichen Probleme.

Gruß
Micha

Alt 03.09.2012, 18:59   #8
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Sieht alles ganz gut aus



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.09.2012, 05:09   #9
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



3 Funde

Code:
ATTFilter
C:\$RECYCLE.BIN\S-1-5-21-2555909198-2805718332-2460936450-1000\$RZEDW1Q.exe	a variant of Win32/InstallCore.AN application
C:\Users\Boludo\AppData\Local\temp\ICReinstall_DownloadManagerSetup.exe	a variant of Win32/InstallCore.AN application
C:\Users\Boludo\AppData\Local\temp\is357113909\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe	probably a variant of Win32/Adware.HLQFYSH application
         
Dank & Gruß
Micha

Alt 04.09.2012, 12:50   #10
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Die Funde sind garnichts.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:commands
[emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
    Kopiere nun den Inhalt hier in Deinen Thread




Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.



Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.




Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.09.2012, 13:20   #11
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Zitat:
Zitat von Larusso Beitrag anzeigen
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.
Habe hier gestoppt, da ich nur ein Hacken bei Trace- und Logdateien setzen kann. Die beiden weiteren Punkte sind nicht anwählbar. Soll ich fortfahren mit der einen Auswahl?

Gruß
Micha

Alt 04.09.2012, 18:11   #12
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Danke für den Hinweis.

Ja
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.09.2012, 19:03   #13
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



OTL Fix Log:

Code:
ATTFilter
All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boludo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24155794 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65860081 bytes
->Flash cache emptied: 506 bytes
 
User: Catja Mobil
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7288 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 86,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09042012_140005

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
OTL Log:

Code:
ATTFilter
OTL logfile created on: 04.09.2012 19:41:47 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free
6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,27 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,33 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
 
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.03 18:26:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
PRC - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.04.22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012.04.19 08:57:16 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.04.19 08:57:16 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.13 11:24:20 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.01.31 18:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 06:57:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.14 06:47:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 06:46:52 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.24 18:01:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.04.13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.04.13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.30 11:24:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4)
DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 11:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.04 19:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011
 
[2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions
[2012.08.27 08:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions
[2012.08.27 08:37:16 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com
[2012.06.14 20:25:50 | 000,000,925 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\conduit.xml
[2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml
[2012.09.04 14:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI
[2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2009.11.20 12:27:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 11:24:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 11:24:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.03 18:09:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 19:25:43 | 000,000,000 | R--D | C] -- C:\Users\Boludo\Documents
[2012.09.04 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.04 14:10:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.04 14:10:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.04 14:10:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.04 14:10:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.04 14:05:11 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Boludo\Desktop\jxpiinstall.exe
[2012.09.04 14:00:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.03 20:12:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Boludo\Desktop\esetsmartinstaller_enu.exe
[2012.09.03 19:27:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012.09.03 18:24:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.03 18:23:14 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Boludo\Desktop\FSS.exe
[2012.09.03 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Boludo\AppData\Local\temp
[2012.09.03 18:10:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.09.03 17:33:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.09.03 17:28:54 | 004,743,334 | R--- | C] (Swearware) -- C:\Users\Boludo\Desktop\ComboFix.exe
[2012.09.03 16:27:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.03 16:27:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.03 16:27:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.03 16:19:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.02 07:57:08 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
[2012.08.15 07:05:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 07:04:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 07:04:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.15 07:04:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.15 07:04:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 07:04:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 07:04:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.15 07:04:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 19:39:15 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.04 19:23:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 16:17:50 | 000,141,505 | ---- | M] () -- C:\Users\Boludo\Desktop\Kitaplatz_Interessentenbogen_Caven.pdf
[2012.09.04 16:14:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 16:14:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 14:14:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.09.04 14:14:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 14:13:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.04 14:09:14 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.04 14:09:12 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.09.04 14:09:12 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.04 14:09:12 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.04 14:09:12 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.04 14:09:12 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.04 14:05:13 | 000,894,952 | ---- | M] (Oracle Corporation) -- C:\Users\Boludo\Desktop\jxpiinstall.exe
[2012.09.04 13:16:34 | 000,013,915 | ---- | M] () -- D:\Daten\Ausgaben September.ods
[2012.09.04 13:05:43 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 13:05:43 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 13:05:43 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 13:05:43 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.03 20:12:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Boludo\Desktop\esetsmartinstaller_enu.exe
[2012.09.03 19:21:45 | 004,009,167 | ---- | M] () -- C:\Users\Boludo\Desktop\ServicesRepair.exe
[2012.09.03 18:23:14 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Boludo\Desktop\FSS.exe
[2012.09.03 18:09:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.03 17:29:10 | 004,743,334 | R--- | M] (Swearware) -- C:\Users\Boludo\Desktop\ComboFix.exe
[2012.09.03 11:54:42 | 003,742,512 | ---- | M] () -- C:\Users\Boludo\Desktop\016.jpg
[2012.09.03 11:53:50 | 003,683,039 | ---- | M] () -- C:\Users\Boludo\Desktop\019.jpg
[2012.09.03 11:26:29 | 003,706,648 | ---- | M] () -- C:\Users\Boludo\Desktop\011.jpg
[2012.09.03 11:25:26 | 003,590,641 | ---- | M] () -- C:\Users\Boludo\Desktop\010.jpg
[2012.09.03 11:24:35 | 003,557,781 | ---- | M] () -- C:\Users\Boludo\Desktop\008.jpg
[2012.09.03 11:23:32 | 003,656,740 | ---- | M] () -- C:\Users\Boludo\Desktop\009.jpg
[2012.09.03 11:21:32 | 003,955,620 | ---- | M] () -- C:\Users\Boludo\Desktop\014.jpg
[2012.09.03 11:20:22 | 003,887,138 | ---- | M] () -- C:\Users\Boludo\Desktop\015.jpg
[2012.09.02 19:51:01 | 000,000,555 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben September - Verknüpfung.lnk
[2012.09.02 19:50:34 | 000,000,469 | ---- | M] () -- C:\Users\Boludo\Desktop\Arztrechnungen - Verknüpfung.lnk
[2012.09.02 08:53:17 | 000,302,592 | ---- | M] () -- C:\Users\Boludo\Desktop\e1rvr27y.exe
[2012.09.02 08:50:19 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe
[2012.09.01 21:52:08 | 000,018,432 | ---- | M] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.01 21:11:56 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.01 21:11:56 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.31 20:56:55 | 000,014,887 | ---- | M] () -- D:\Daten\Ausgaben August.ods
[2012.08.31 11:13:46 | 000,017,101 | ---- | M] () -- D:\Daten\Arztrechnungen.ods
[2012.08.29 09:52:20 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat
[2012.08.28 07:12:54 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.08.15 07:34:58 | 000,352,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.06 20:36:48 | 000,000,699 | ---- | M] () -- C:\Windows\wiso.ini
 
========== Files Created - No Company Name ==========
 
[2012.09.04 19:39:15 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.04 19:39:15 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.09.04 16:17:50 | 000,141,505 | ---- | C] () -- C:\Users\Boludo\Desktop\Kitaplatz_Interessentenbogen_Caven.pdf
[2012.09.03 19:21:40 | 004,009,167 | ---- | C] () -- C:\Users\Boludo\Desktop\ServicesRepair.exe
[2012.09.03 16:27:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.03 16:27:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.03 16:27:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.03 16:27:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.03 16:27:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.03 11:54:36 | 003,742,512 | ---- | C] () -- C:\Users\Boludo\Desktop\016.jpg
[2012.09.03 11:53:45 | 003,683,039 | ---- | C] () -- C:\Users\Boludo\Desktop\019.jpg
[2012.09.03 11:26:24 | 003,706,648 | ---- | C] () -- C:\Users\Boludo\Desktop\011.jpg
[2012.09.03 11:25:21 | 003,590,641 | ---- | C] () -- C:\Users\Boludo\Desktop\010.jpg
[2012.09.03 11:24:30 | 003,557,781 | ---- | C] () -- C:\Users\Boludo\Desktop\008.jpg
[2012.09.03 11:23:27 | 003,656,740 | ---- | C] () -- C:\Users\Boludo\Desktop\009.jpg
[2012.09.03 11:21:27 | 003,955,620 | ---- | C] () -- C:\Users\Boludo\Desktop\014.jpg
[2012.09.03 11:20:16 | 003,887,138 | ---- | C] () -- C:\Users\Boludo\Desktop\015.jpg
[2012.09.02 19:50:34 | 000,000,469 | ---- | C] () -- C:\Users\Boludo\Desktop\Arztrechnungen - Verknüpfung.lnk
[2012.09.02 19:50:24 | 000,000,555 | ---- | C] () -- C:\Users\Boludo\Desktop\Ausgaben September - Verknüpfung.lnk
[2012.09.02 08:53:17 | 000,302,592 | ---- | C] () -- C:\Users\Boludo\Desktop\e1rvr27y.exe
[2012.08.31 09:10:47 | 000,013,915 | ---- | C] () -- D:\Daten\Ausgaben September.ods
[2012.08.08 19:35:43 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat
[2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.04.18 18:29:23 | 000,000,680 | ---- | C] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat
[2010.01.16 14:36:39 | 000,034,923 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\mdbu.bin
[2009.11.22 17:43:57 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.22 17:40:22 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.22 00:41:26 | 000,018,432 | ---- | C] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
         
Extras:

Code:
ATTFilter
OTL Extras logfile created on: 04.09.2012 19:41:47 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free
6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,27 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,33 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
 
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AceBackup] -- "C:\Program Files\AceBIT\AceBackup 3\AceBackup.exe" -as "%1" (AceBIT)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}" = AceBackup 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9F70E36A-8C0F-4069-9C81-9708E46E6F5E}" = O&O PartitionManager Professional
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren)
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"DirSync" = DirSync  2.93
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Fotoservice" = Fotoservice
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"GridVista" = Acer GridVista
"InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5.5
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"MyCamera" = Canon Utilities MyCamera
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Suite" = Nokia Suite
"NTI Open File Manager" = NTI Open File Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"pdfsam" = pdfsam
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Saturn Fotoservice" = Saturn Fotoservice
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.09.2012 10:34:15 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2012 10:34:15 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 52869
 
Error - 04.09.2012 10:34:15 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 52869
 
Error - 04.09.2012 10:34:22 | Computer Name = Boludo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x15b8, 
Anwendungsstartzeit 01cd8aaa5fc761a0.
 
Error - 04.09.2012 13:23:56 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2012 13:23:56 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9515234
 
Error - 04.09.2012 13:23:56 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9515234
 
Error - 04.09.2012 13:24:05 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2012 13:24:05 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9523799
 
Error - 04.09.2012 13:24:05 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9523799
 
[ Media Center Events ]
Error - 05.04.2012 14:31:30 | Computer Name = Boludo-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 04.09.2012 08:00:06 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 04.09.2012 08:01:43 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 04.09.2012 08:02:21 | Computer Name = Boludo-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{8621F01D-1B82-4981-BC90-637664DB07CE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 04.09.2012 08:14:01 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Gruß
Micha

Alt 04.09.2012, 21:44   #14
Larusso
/// Selecta Jahrusso
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Nabend.

Noch Probleme ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 05.09.2012, 07:50   #15
Boludo
 
Live Security Platinum 3.6.1 - Standard

Live Security Platinum 3.6.1



Moin!

Nein! (Also zumindest nicht mit dem Rechner)

Aber eine Frage: Sollte ich mir wegen des auf c: liegenden ordners $recycle.bin Sorgen machen? Im Windows Explorer wird mir der Ordner als leer angezeigt, wenn ich mir allerdings die Eigenschaften anzeigen lasse, steht dort Inhalt 1 Datei mit einer Ordnergröße von 129 Bytes bzw 4.096 Bytes auf dem Datenträger. Hat dies überhaupt mit dem Befall zu tun?

Dank und Gruß
Micha

Antwort

Themen zu Live Security Platinum 3.6.1
7-zip, ad-aware, antivir, autorun, avira, bho, bonjour, cursor, desktop, error, fastprox.dll, firefox, flash player, getwindowinfo, helper, home, iexplore.exe, installation, launch, mozilla, mp3, nodrives, ntdll.dll, popup, realtek, recycle.bin, registry, rundll, security, software, system, vista



Ähnliche Themen: Live Security Platinum 3.6.1


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Live Security Platinum
    Log-Analyse und Auswertung - 28.09.2012 (8)
  3. Live Security Platinum 3.6.1
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (3)
  4. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  5. Live Security Platinum
    Log-Analyse und Auswertung - 12.09.2012 (2)
  6. Live Security Platinum (zum x-ten)
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (21)
  7. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (23)
  8. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (6)
  9. Live Security Platinum
    Log-Analyse und Auswertung - 01.08.2012 (1)
  10. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (14)
  11. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  12. Live Security Platinum
    Log-Analyse und Auswertung - 30.07.2012 (1)
  13. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (1)
  14. live security platinum
    Log-Analyse und Auswertung - 17.07.2012 (3)
  15. Log <-- live security platinum
    Log-Analyse und Auswertung - 15.07.2012 (1)
  16. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Live Security Platinum
    Alles rund um Windows - 10.07.2012 (1)

Zum Thema Live Security Platinum 3.6.1 - Moin, gestern Abend hat sich auf meinem Rechner Live Security Platinum 3.6.1 gemeldet und erst einmal alles lahmgelegt. (Übrigens kurz nachdem sich Adobe Flash Player als Update gemeldet hatte und - Live Security Platinum 3.6.1...
Archiv
Du betrachtest: Live Security Platinum 3.6.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.