
Pests of all kinds and how to fight them: Avira exploit detections: EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 & detection APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe

04.10.2012, 13:44   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post logfiles in CODE tags

04.10.2012, 14:00   #17
raethkey
 

done!

Code:
# AdwCleaner v2.003 - Datei am 10/04/2012 um 14:57:12 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Mumsi - LIZZY
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Mumsi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [578 octets] - [04/10/2012 14:57:12]

########## EOF - C:\AdwCleaner[R1].txt - [637 octets] ##########
         
The only toolbar that was still left was GMX Mailcheck as a Firefox add-on; I have just removed it manually.

Last edited by raethkey (04.10.2012 at 14:24) Reason: addition

04.10.2012, 14:28   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. Please post everything here in CODE tags wherever possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box Scanne alle Benutzer (scan all users) at the top centre
  • Now copy the entire contents of the code box below into OTL's text box - if OTL is in German it is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
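An added example, not code from the thread, from cosinus or from OTL itself: a small Python script that reads the OTL.txt this CustomScan produces and pulls out the items a helper checks first (services and drivers whose file is missing, running binaries with no company name, Firefox search prefs and numbered search-plugin copies left behind by toolbars of the kind mentioned in #16). The sample log embedded below, its vendor names, hosts and paths are constructed, and the allowlist of expected search engines is an assumption to adjust per case.

```python
import re
from collections import Counter

# Constructed sample in the line format OTL writes to OTL.txt. Hosts, vendor
# names and paths are made up for this example; nothing here is taken from
# the thread's own log.
SAMPLE_OTL_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2012.10.04 15:33:54 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe
PRC - [2006.05.10 13:26:42 | 000,278,528 | ---- | M] () -- C:\Programme\Example\TrayApp.exe

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Example Vendor) [Auto | Running] -- C:\Programme\Example\svc.exe -- (ExampleSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - [2004.08.13 10:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.example.invalid/afe_results.php?ch_id=afex&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.example.invalid/afe_results.php?ch_id=afex&q="

[2012.10.01 17:16:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\abcd1234.default\searchplugins\tbplugin-39.xml
[2012.05.05 15:25:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\abcd1234.default\searchplugins\tbplugin-40.xml
[2011.05.01 10:35:58 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\abcd1234.default\searchplugins\tbplugin.xml
[2008.01.01 23:22:26 | 000,001,878 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\abcd1234.default\searchplugins\aolsearch.xml
"""

# One PRC/MOD/SRV/DRV line: "<kind> - <info> -- <path>[ -- (<name>)]".
# <info> is either "File not found [...]" or "[date | size | attr | M] (Company) [...]".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<info>.*?) -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)
COMPANY_RE = re.compile(r"\] \((?P<company>[^)]*)\)")
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "?(?P<value>[^"]*)"?$')
# Search-plugin files in a Firefox profile; a toolbar that keeps re-installing
# itself leaves numbered copies (stem.xml, stem-1.xml, stem-2.xml, ...).
SEARCHPLUGIN_RE = re.compile(r"\\searchplugins\\(?P<stem>[^\\]+?)(?:-\d+)?\.(?:xml|src)$")

# Firefox prefs a search-hijacking toolbar typically rewrites.
SEARCH_PREFS = {
    "browser.search.defaultenginename", "browser.search.defaulturl",
    "browser.search.selectedEngine", "keyword.URL", "browser.startup.homepage",
}
# Assumption: engines/hosts the operator considers expected on this machine.
SEARCH_ALLOWLIST = {"google", "bing", "yahoo", "duckduckgo"}


def search_value_allowed(value, allowlist=SEARCH_ALLOWLIST):
    """True if an engine name or (defanged hxxp) URL host matches the allowlist."""
    host = re.sub(r"^h(?:xx|tt)ps?://", "", value.lower()).split("/", 1)[0]
    return any(tok in host for tok in allowlist)


def triage(log_text, allowlist=SEARCH_ALLOWLIST):
    """Walk an OTL log once and collect the items a helper looks at first."""
    findings = {"file_not_found": [], "no_company": [], "search_prefs": []}
    plugin_counts = Counter()
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            kind, info, path, name = m.group("kind", "info", "path", "name")
            if info.startswith("File not found"):
                # Service/driver still registered but its binary is gone:
                # leftover of an uninstall or of a removed infection.
                findings["file_not_found"].append((kind, name or path))
                continue
            company = COMPANY_RE.search(info)
            if kind != "MOD" and (company is None or company.group("company") == ""):
                # Running binary with no embedded company name: verify by hash.
                findings["no_company"].append((kind, path))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group("pref") in SEARCH_PREFS:
            if not search_value_allowed(m.group("value"), allowlist):
                findings["search_prefs"].append((m.group("pref"), m.group("value")))
            continue
        m = SEARCHPLUGIN_RE.search(line)
        if m:
            plugin_counts[m.group("stem").lower()] += 1
    # Three or more copies of one search plugin is the footprint of a toolbar
    # that was re-added on every update or reinstall.
    findings["searchplugin_copies"] = {s: n for s, n in plugin_counts.items() if n >= 3}
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_OTL_LOG).items():
        print(f"== {section} ==")
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

Run it against a real OTL.txt by passing the file's contents to triage(); the "no_company" list is a prompt to verify those files, not a verdict on them.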

04.10.2012, 14:44   #19
raethkey
 

done!

OTL Logfile:
Code:
OTL logfile created on: 04.10.2012 15:35:26 - Run 2
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Dokumente und Einstellungen\Mumsi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 85,27% Memory free
4,84 Gb Paging File | 4,28 Gb Available in Paging File | 88,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,65 Gb Total Space | 301,93 Gb Free Space | 64,84% Space Free | Partition Type: FAT32
Drive I: | 149,05 Gb Total Space | 7,77 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 2,25 Gb Free Space | 60,38% Space Free | Partition Type: FAT32
Drive K: | 963,73 Mb Total Space | 72,16 Mb Free Space | 7,49% Space Free | Partition Type: FAT
Drive L: | 3,73 Gb Total Space | 2,73 Gb Free Space | 73,28% Space Free | Partition Type: FAT32
 
Computer Name: LIZZY | User Name: Mumsi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 15:33:54 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mumsi\Desktop\OTL.exe
PRC - [2012.09.25 11:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:58 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:50 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:42 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006.05.10 13:26:42 | 000,278,528 | ---- | M] () -- C:\Programme\Philips\Philips SPC315NC Webcam\TrayMin315.exe
PRC - [2004.06.09 15:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.19 19:17:42 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.05.10 13:26:42 | 000,278,528 | ---- | M] () -- C:\Programme\Philips\Philips SPC315NC Webcam\TrayMin315.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.25 11:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:58 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.24 13:07:38 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.09 16:42:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.24 09:58:12 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:26 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.13 10:58:18 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.04.10 12:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.03.06 05:27:32 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.03.06 05:27:28 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.02.26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.13 10:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.07.16 14:58:30 | 000,013,056 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\SearchScopes\{78C093D2-1BFB-4824-8ADF-7D9908C0510B}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\SearchScopes\{F2AD07D5-65FA-4E50-AFA8-163C15B0BFCA}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5015 [2011.05.31 15:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.09 16:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.09 16:42:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5015 [2011.05.31 15:48:34 | 000,000,000 | ---D | M]
 
[2009.03.04 11:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Extensions
[2008.01.01 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\extensions
[2010.06.27 00:37:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.22 17:53:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.24 16:07:42 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.09.25 15:32:48 | 000,000,853 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\11-suche.xml
[2012.09.25 15:32:46 | 000,010,506 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\gmx-suche.xml
[2012.09.25 15:32:46 | 000,005,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\webde-suche.xml
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.src
[2012.10.01 17:16:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-39.xml
[2012.05.05 15:25:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-40.xml
[2008.01.01 23:22:26 | 000,001,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\aolsearch.xml
[2012.09.02 19:49:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-17.xml
[2012.09.25 15:32:48 | 000,002,368 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\lastminute.xml
[2012.09.25 15:32:48 | 000,002,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\englische-ergebnisse.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.gif
[2012.08.05 10:08:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-41.xml
[2012.08.05 16:42:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-42.xml
[2012.09.10 15:45:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-43.xml
[2012.09.11 09:59:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-44.xml
[2010.12.16 12:20:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-2.xml
[2011.02.24 10:09:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-8.xml
[2011.03.03 09:50:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-18.xml
[2011.03.16 10:02:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-19.xml
[2011.03.23 11:56:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-9.xml
[2011.03.26 22:04:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-20.xml
[2011.03.29 00:37:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-21.xml
[2011.04.29 11:14:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-4.xml
[2011.05.01 10:35:58 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.xml
[2011.05.07 19:12:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-22.xml
[2011.05.08 10:36:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-23.xml
[2011.06.27 11:47:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-10.xml
[2011.07.05 19:21:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-24.xml
[2011.07.06 10:40:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-25.xml
[2011.08.26 17:57:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-11.xml
[2011.08.30 10:07:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-26.xml
[2011.08.30 10:09:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-5.xml
[2011.08.30 10:45:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-27.xml
[2011.09.08 11:36:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-12.xml
[2011.09.09 15:33:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-28.xml
[2011.09.09 16:04:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-29.xml
[2011.09.09 16:06:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-1.xml
[2011.10.02 19:16:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-13.xml
[2011.10.03 19:57:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-30.xml
[2011.10.03 19:59:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-6.xml
[2011.10.04 08:37:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-31.xml
[2011.10.26 19:57:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-14.xml
[2011.11.08 20:08:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-3.xml
[2011.11.09 10:57:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-32.xml
[2011.11.09 11:07:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-33.xml
[2012.01.08 19:20:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-15.xml
[2012.01.13 12:26:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-34.xml
[2012.01.13 12:43:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-35.xml
[2012.02.13 09:49:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-16.xml
[2012.02.25 00:19:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-36.xml
[2012.02.25 00:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-37.xml
[2012.03.14 11:59:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-7.xml
[2012.03.26 15:28:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-38.xml
[2012.09.09 16:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.09 16:42:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.09 16:42:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.01 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.09 16:42:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.29 10:29:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.06.29 10:29:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.29 10:29:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.29 10:29:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.29 10:29:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 15:24:10 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005..\Run: [Power2GoExpress]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin315.exe.lnk = C:\Programme\Philips\Philips SPC315NC Webcam\TrayMin315.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Mumsi\Startmenü\Programme\Autostart\Picture Motion Browser Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64EF5E6B-BE29-4633-88B9-7D0465449F1F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mumsi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mumsi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{b873b00a-8c5b-11df-a3fa-001d60a1552b}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.03 18:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.10.02 21:29:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.02 21:29:15 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Mumsi\Desktop\esetsmartinstaller_enu.exe
[2012.10.01 20:38:34 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mumsi\Desktop\OTL.exe
[2012.10.01 18:36:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Malwarebytes
[2012.10.01 18:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.01 18:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.01 18:36:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.01 18:36:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.01 13:00:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.01 11:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Avira
[2012.10.01 11:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.10.01 11:09:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.10.01 11:09:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Mozilla
[2012.10.01 11:08:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.10.01 11:08:34 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.10.01 11:08:34 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.10.01 11:08:34 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.10.01 11:08:31 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.10.01 11:08:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.09.09 16:42:22 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 15:33:54 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mumsi\Desktop\OTL.exe
[2012.10.04 15:07:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.04 14:56:36 | 000,513,501 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\adwcleaner.exe
[2012.10.04 14:18:50 | 000,452,446 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.04 14:18:50 | 000,435,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.04 14:18:50 | 000,081,386 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.04 14:18:50 | 000,068,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.04 14:14:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.04 14:14:18 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 10:52:24 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.10.02 23:28:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.02 21:29:08 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Mumsi\Desktop\esetsmartinstaller_enu.exe
[2012.10.01 20:57:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\defogger_reenable
[2012.10.01 20:42:08 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\Gmer.exe
[2012.10.01 20:31:02 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\Defogger.exe
[2012.10.01 18:36:08 | 000,000,662 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.01 17:17:38 | 000,002,515 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\Word 2007.lnk
[2012.10.01 11:08:46 | 000,001,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.09.24 09:58:12 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.09.13 10:58:26 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.09.13 10:58:18 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.09.12 17:23:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 14:56:40 | 000,513,501 | ---- | C] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\adwcleaner.exe
[2012.10.01 20:57:29 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mumsi\defogger_reenable
[2012.10.01 20:42:33 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\Gmer.exe
[2012.10.01 20:31:33 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\Defogger.exe
[2012.10.01 18:36:07 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.01 17:17:36 | 000,002,515 | ---- | C] () -- C:\Dokumente und Einstellungen\Mumsi\Desktop\Word 2007.lnk
[2012.10.01 11:08:44 | 000,001,577 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.02.17 12:32:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.31 19:55:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2008.04.05 22:54:55 | 000,055,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Mumsi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.12 08:57:43 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.01.01 18:45:51 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== ZeroAccess Check ==========
 
[2007.11.09 09:44:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.01.02 02:06:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2008.01.02 02:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2008.01.02 22:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2008.01.03 11:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.04.08 13:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.08.03 22:29:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.11.28 18:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.01.02 02:10:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\ScanSoft
[2008.01.02 23:51:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\PC Suite
[2008.04.19 13:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Canon
[2009.05.28 15:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Walgreens
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2007.11.09 09:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Identities
[2007.11.09 09:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\InstallShield
[2007.11.09 11:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\CyberLink
[2007.11.09 12:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Adobe
[2007.11.09 09:25:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Microsoft
[2008.01.01 18:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla
[2008.01.01 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Winamp
[2008.01.01 20:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Macromedia
[2008.01.02 02:10:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\ScanSoft
[2008.01.02 23:51:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\PC Suite
[2008.03.01 22:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Comodo
[2008.03.12 08:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Skype
[2008.03.12 08:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\skypePM
[2008.04.05 19:28:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Sony Corporation
[2008.04.05 22:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\ArcSoft
[2008.04.19 13:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Canon
[2009.03.05 19:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Apple Computer
[2009.05.28 15:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\WinRAR
[2009.05.28 15:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Walgreens
[2010.02.15 12:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Sun
[2010.09.25 17:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Help
[2012.10.01 11:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Avira
[2012.10.01 18:36:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Malwarebytes
 
< %APPDATA%\*.exe /s >
[2009.08.04 12:28:36 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.09 14:22:30 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.10.09 14:22:30 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.09 14:22:30 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.10.09 14:22:30 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\Win2K\sata_ide\nvgts.sys
[2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\Win2K\sataraid\nvgts.sys
[2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\WinXP\sata_ide\nvgts.sys
[2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\WinXP\sataraid\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.11.09 09:22:24 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2007.11.09 09:22:24 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.11.09 09:22:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
[1980.01.01 00:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007.11.09 09:34:23 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.03.05 19:57:53 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012.04.12 14:37:48 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< End of report >
         
--- --- ---

Alt 04.10.2012, 14:51   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe



Run an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - user.js - File not found
[2012.09.25 15:32:46 | 000,005,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\webde-suche.xml
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.src
[2012.10.01 17:16:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-39.xml
[2012.05.05 15:25:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-40.xml
[2008.01.01 23:22:26 | 000,001,878 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\aolsearch.xml
[2012.09.02 19:49:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-17.xml
[2012.09.25 15:32:48 | 000,002,368 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\lastminute.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.gif
[2012.08.05 10:08:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-41.xml
[2012.08.05 16:42:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-42.xml
[2012.09.10 15:45:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-43.xml
[2012.09.11 09:59:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-44.xml
[2010.12.16 12:20:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-2.xml
[2011.02.24 10:09:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-8.xml
[2011.03.03 09:50:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-18.xml
[2011.03.16 10:02:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-19.xml
[2011.03.23 11:56:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-9.xml
[2011.03.26 22:04:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-20.xml
[2011.03.29 00:37:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-21.xml
[2011.04.29 11:14:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-4.xml
[2011.05.01 10:35:58 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.xml
[2011.05.07 19:12:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-22.xml
[2011.05.08 10:36:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-23.xml
[2011.06.27 11:47:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-10.xml
[2011.07.05 19:21:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-24.xml
[2011.07.06 10:40:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-25.xml
[2011.08.26 17:57:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-11.xml
[2011.08.30 10:07:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-26.xml
[2011.08.30 10:09:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-5.xml
[2011.08.30 10:45:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-27.xml
[2011.09.08 11:36:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-12.xml
[2011.09.09 15:33:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-28.xml
[2011.09.09 16:04:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-29.xml
[2011.09.09 16:06:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-1.xml
[2011.10.02 19:16:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-13.xml
[2011.10.03 19:57:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-30.xml
[2011.10.03 19:59:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-6.xml
[2011.10.04 08:37:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-31.xml
[2011.10.26 19:57:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-14.xml
[2011.11.08 20:08:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-3.xml
[2011.11.09 10:57:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-32.xml
[2011.11.09 11:07:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-33.xml
[2012.01.08 19:20:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-15.xml
[2012.01.13 12:26:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-34.xml
[2012.01.13 12:43:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-35.xml
[2012.02.13 09:49:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-16.xml
[2012.02.25 00:19:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-36.xml
[2012.02.25 00:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-37.xml
[2012.03.14 11:59:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-7.xml
[2012.03.26 15:28:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-38.xml
[2012.09.09 16:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.09 16:42:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{b873b00a-8c5b-11df-a3fa-001d60a1552b}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open once you click OK after the fix; please post it. The computer may get restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted outright; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

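As an added example (not OTL's code and not something from this thread), the following Python routine reads O7/O32/O33 lines in the form OTL prints them, decodes the NoDriveTypeAutoRun mask and flags MountPoints2 commands that execute from the inserted volume, which is what makes the autorun.inf and Recycled\ctfmon.exe entries in the fix script above stand out. The sample lines are constructed after those entries; the bit meanings are Microsoft's documented drive-type bits for that policy value.

```python
import re

# Bits of the NoDriveTypeAutoRun policy value (Explorer policies key). A set bit
# DISABLES AutoRun for that drive type; Windows' default is 0x91 (145), which
# leaves removable drives and CD-ROMs enabled. 0xFF disables every type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
    0x20: "cdrom", 0x40: "ramdisk", 0x80: "no_root_dir",
}

# Constructed sample input, modelled on the O7 / O32 / O33 lines quoted in the
# fix script of this thread (same layout as OTL's own output).
SAMPLE_OTL_LINES = r'''
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{b873b00a-8c5b-11df-a3fa-001d60a1552b}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe
'''

O7_RE = re.compile(r"^O7 - (HKU\\[^\\]+)\\.*NoDriveTypeAutoRun = (\d+)$")
O32_FILE_RE = re.compile(r"^O32 - AutoRun File - \[.*?\] \(\) - (\S+) -- ")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(.+?)\\command - "" = (.+)$', re.I)


def autorun_allowed_types(mask):
    """Drive types on which AutoRun remains enabled under a NoDriveTypeAutoRun mask."""
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit)


def command_reasons(command):
    """Traits of a MountPoints2 shell command that are typical of removable-media worms."""
    reasons = []
    parts = command.split()
    target = parts[-1] if parts else ""
    # A target without a drive letter is resolved relative to the inserted volume.
    if not re.match(r"^[A-Za-z]:\\", target):
        reasons.append("relative target %r resolves on the inserted volume itself" % target)
    # Recycled / RECYCLER folders are hidden by default and a common hiding place.
    if re.search(r"(^|[\\\s])recycle[rd]\\", command, re.I):
        reasons.append("target is hidden in a Recycled/RECYCLER folder")
    # rundll32 ShellExec_RunDLL launches the target one step removed from Explorer.
    if "shellexec_rundll" in command.lower():
        reasons.append("launched indirectly through rundll32 ShellExec_RunDLL")
    return reasons


def analyze_autorun(text):
    """Scan OTL O7/O32/O33 lines and return a list of AutoRun-related findings."""
    findings = []
    for line in text.splitlines():
        m = O7_RE.match(line)
        if m:
            hive, mask = m.group(1), int(m.group(2))
            if "removable" in autorun_allowed_types(mask):
                findings.append({"kind": "policy", "where": hive, "mask": mask,
                                 "detail": "NoDriveTypeAutoRun %#04x leaves AutoRun on for "
                                           "removable drives (0xFF disables all types)" % mask})
            continue
        m = O32_FILE_RE.match(line)
        if m:
            findings.append({"kind": "autorun_file", "where": m.group(1),
                             "detail": "autorun.inf present on a data volume"})
            continue
        m = O33_RE.match(line)
        if m:
            guid, verb, command = m.groups()
            reasons = command_reasons(command)
            if reasons:
                findings.append({"kind": "mountpoint", "where": "%s %s" % (guid, verb),
                                 "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_autorun(SAMPLE_OTL_LINES):
        print(f["kind"], f["where"], f.get("detail") or "; ".join(f["reasons"]))
```

The WD drive's own setup.exe autorun produces no finding because it is an absolute path outside any recycler folder; the two entries for the other volume are flagged on every rule.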

Alt 04.10.2012, 15:15   #21
raethkey
 
AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe



Done! The computer was restarted.

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1888824258-2030818873-708882483-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1888824258-2030818873-708882483-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1888824258-2030818873-708882483-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\webde-suche.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.src moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-39.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-40.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\aolsearch.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\lastminute.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.gif moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-41.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-42.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-43.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-44.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-29.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-30.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-31.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-32.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-33.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-34.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-35.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-36.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-37.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Dokumente und Einstellungen\Mumsi\Anwendungsdaten\Mozilla\Firefox\Profiles\xbmwqln0.default\searchplugins\icqplugin-38.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1888824258-2030818873-708882483-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint\ not found.
File WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint\ not found.
File WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint\ not found.
File WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint\ not found.
File WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
L:\autorun.inf moved successfully.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ not found.
File C:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b873b00a-8c5b-11df-a3fa-001d60a1552b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b873b00a-8c5b-11df-a3fa-001d60a1552b}\ not found.
File I:\wd_windows_tools\setup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 94458325 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 168445790 bytes
->Flash cache emptied: 1199 bytes
 
User: Mumsi
->Temp folder emptied: 841147817 bytes
->Temporary Internet Files folder emptied: 26593978 bytes
->Java cache emptied: 19172299 bytes
->FireFox cache emptied: 211795526 bytes
->Flash cache emptied: 1947259 bytes
 
User: Andy
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1163143 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43040846 bytes
RecycleBin emptied: 591536392 bytes
 
Total Files Cleaned = 1.907,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 10042012_161011

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ not found.
         

Old 04.10.2012, 15:40   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click on Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, then look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags

Old 04.10.2012, 16:37   #23
raethkey
 
done! No restart was requested, both detections skipped.

Code:
17:27:36.0250 1152  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:27:36.0328 1152  ============================================================
17:27:36.0328 1152  Current date / time: 2012/10/04 17:27:36.0328
17:27:36.0328 1152  SystemInfo:
17:27:36.0328 1152  
17:27:36.0328 1152  OS Version: 5.1.2600 ServicePack: 3.0
17:27:36.0328 1152  Product type: Workstation
17:27:36.0328 1152  ComputerName: LIZZY
17:27:36.0328 1152  UserName: Mumsi
17:27:36.0328 1152  Windows directory: C:\WINDOWS
17:27:36.0328 1152  System windows directory: C:\WINDOWS
17:27:36.0328 1152  Processor architecture: Intel x86
17:27:36.0328 1152  Number of processors: 2
17:27:36.0328 1152  Page size: 0x1000
17:27:36.0328 1152  Boot type: Normal boot
17:27:36.0328 1152  ============================================================
17:27:37.0343 1152  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:27:37.0343 1152  Drive \Device\Harddisk1\DR2 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:27:37.0343 1152  Drive \Device\Harddisk2\DR3 - Size: 0x3C400000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:27:37.0359 1152  Drive \Device\Harddisk7\DR14 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:27:37.0359 1152  Drive \Device\Harddisk8\DR15 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:27:37.0703 1152  ============================================================
17:27:37.0703 1152  \Device\Harddisk0\DR0:
17:27:37.0703 1152  MBR partitions:
17:27:37.0703 1152  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
17:27:37.0703 1152  \Device\Harddisk1\DR2:
17:27:37.0703 1152  MBR partitions:
17:27:37.0703 1152  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7777E0
17:27:37.0703 1152  \Device\Harddisk2\DR3:
17:27:37.0703 1152  MBR partitions:
17:27:37.0703 1152  \Device\Harddisk7\DR14:
17:27:37.0703 1152  MBR partitions:
17:27:37.0703 1152  \Device\Harddisk7\DR14\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
17:27:37.0703 1152  \Device\Harddisk8\DR15:
17:27:37.0703 1152  MBR partitions:
17:27:37.0703 1152  \Device\Harddisk8\DR15\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
17:27:37.0703 1152  ============================================================
17:27:37.0703 1152  C: <-> \Device\Harddisk0\DR0\Partition1
17:27:37.0765 1152  I: <-> \Device\Harddisk8\DR15\Partition1
17:27:37.0781 1152  ============================================================
17:27:37.0781 1152  Initialize success
17:27:37.0781 1152  ============================================================
17:32:08.0281 3312  ============================================================
17:32:08.0281 3312  Scan started
17:32:08.0281 3312  Mode: Manual; SigCheck; TDLFS; 
17:32:08.0281 3312  ============================================================
17:32:08.0796 3312  ================ Scan system memory ========================
17:32:08.0796 3312  System memory - ok
17:32:08.0796 3312  ================ Scan services =============================
17:32:08.0859 3312  Abiosdsk - ok
17:32:08.0859 3312  abp480n5 - ok
17:32:08.0906 3312  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:32:10.0296 3312  ACPI - ok
17:32:10.0312 3312  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:32:10.0453 3312  ACPIEC - ok
17:32:10.0546 3312  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:32:10.0562 3312  AdobeFlashPlayerUpdateSvc - ok
17:32:10.0562 3312  adpu160m - ok
17:32:10.0609 3312  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:32:10.0718 3312  aec - ok
17:32:10.0750 3312  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:32:10.0781 3312  AFD - ok
17:32:10.0781 3312  Aha154x - ok
17:32:10.0796 3312  aic78u2 - ok
17:32:10.0796 3312  aic78xx - ok
17:32:10.0843 3312  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:32:10.0953 3312  Alerter - ok
17:32:10.0984 3312  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
17:32:11.0109 3312  ALG - ok
17:32:11.0109 3312  AliIde - ok
17:32:11.0140 3312  [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:32:11.0171 3312  AmdK8 - ok
17:32:11.0187 3312  amsint - ok
17:32:11.0281 3312  [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
17:32:11.0296 3312  AntiVirSchedulerService - ok
17:32:11.0296 3312  [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:32:11.0312 3312  AntiVirService - ok
17:32:11.0359 3312  [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:32:11.0359 3312  Apple Mobile Device - ok
17:32:11.0406 3312  AppMgmt - ok
17:32:11.0421 3312  asc - ok
17:32:11.0421 3312  asc3350p - ok
17:32:11.0437 3312  asc3550 - ok
17:32:11.0500 3312  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:32:11.0500 3312  aspnet_state - ok
17:32:11.0531 3312  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:32:11.0640 3312  AsyncMac - ok
17:32:11.0671 3312  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:32:11.0765 3312  atapi - ok
17:32:11.0781 3312  Atdisk - ok
17:32:11.0812 3312  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:32:11.0921 3312  Atmarpc - ok
17:32:11.0953 3312  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:32:12.0062 3312  AudioSrv - ok
17:32:12.0078 3312  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:32:12.0203 3312  audstub - ok
17:32:12.0203 3312  [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:32:12.0406 3312  avgntflt - ok
17:32:12.0421 3312  [ C499333D8915597FE415F0058EFFD7D2 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:32:12.0437 3312  avipbb - ok
17:32:12.0453 3312  [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:32:12.0468 3312  avkmgr - ok
17:32:12.0484 3312  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:32:12.0609 3312  Beep - ok
17:32:12.0671 3312  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
17:32:12.0781 3312  BITS - ok
17:32:12.0843 3312  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:32:12.0859 3312  Bonjour Service - ok
17:32:12.0906 3312  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
17:32:12.0953 3312  Browser - ok
17:32:12.0984 3312  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:32:13.0109 3312  cbidf2k - ok
17:32:13.0140 3312  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:32:13.0234 3312  CCDECODE - ok
17:32:13.0234 3312  cd20xrnt - ok
17:32:13.0250 3312  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:32:13.0359 3312  Cdaudio - ok
17:32:13.0375 3312  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:32:13.0484 3312  Cdfs - ok
17:32:13.0500 3312  [ 80AC946628DE5DEAB071474E30D7A071 ] cdrbsvsd        C:\WINDOWS\system32\drivers\cdrbsvsd.sys
17:32:13.0515 3312  cdrbsvsd ( UnsignedFile.Multi.Generic ) - warning
17:32:13.0515 3312  cdrbsvsd - detected UnsignedFile.Multi.Generic (1)
17:32:13.0515 3312  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:32:13.0625 3312  Cdrom - ok
17:32:13.0625 3312  Changer - ok
17:32:13.0687 3312  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:32:13.0796 3312  CiSvc - ok
17:32:13.0812 3312  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:32:13.0921 3312  ClipSrv - ok
17:32:13.0968 3312  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:32:13.0984 3312  clr_optimization_v2.0.50727_32 - ok
17:32:13.0984 3312  CmdIde - ok
17:32:14.0015 3312  COMSysApp - ok
17:32:14.0031 3312  Cpqarray - ok
17:32:14.0078 3312  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:32:14.0171 3312  CryptSvc - ok
17:32:14.0171 3312  dac2w2k - ok
17:32:14.0187 3312  dac960nt - ok
17:32:14.0234 3312  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:32:14.0296 3312  DcomLaunch - ok
17:32:14.0328 3312  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:32:14.0421 3312  Dhcp - ok
17:32:14.0453 3312  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:32:14.0546 3312  Disk - ok
17:32:14.0578 3312  dmadmin - ok
17:32:14.0656 3312  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:32:14.0812 3312  dmboot - ok
17:32:14.0828 3312  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:32:14.0937 3312  dmio - ok
17:32:14.0968 3312  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:32:15.0078 3312  dmload - ok
17:32:15.0125 3312  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:32:15.0218 3312  dmserver - ok
17:32:15.0250 3312  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:32:15.0343 3312  DMusic - ok
17:32:15.0375 3312  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:32:15.0453 3312  Dnscache - ok
17:32:15.0546 3312  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:32:15.0656 3312  Dot3svc - ok
17:32:15.0656 3312  dpti2o - ok
17:32:15.0671 3312  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:32:15.0765 3312  drmkaud - ok
17:32:15.0812 3312  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:32:15.0921 3312  EapHost - ok
17:32:15.0953 3312  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:32:16.0046 3312  ERSvc - ok
17:32:16.0093 3312  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
17:32:16.0125 3312  Eventlog - ok
17:32:16.0156 3312  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
17:32:16.0171 3312  EventSystem - ok
17:32:16.0203 3312  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:32:16.0312 3312  Fastfat - ok
17:32:16.0343 3312  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:32:16.0359 3312  FastUserSwitchingCompatibility - ok
17:32:16.0390 3312  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
17:32:16.0484 3312  Fdc - ok
17:32:16.0500 3312  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:32:16.0593 3312  Fips - ok
17:32:16.0593 3312  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:32:16.0687 3312  Flpydisk - ok
17:32:16.0703 3312  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:32:16.0812 3312  FltMgr - ok
17:32:16.0890 3312  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:32:16.0890 3312  FontCache3.0.0.0 - ok
17:32:16.0906 3312  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:32:17.0015 3312  Fs_Rec - ok
17:32:17.0031 3312  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:32:17.0156 3312  Ftdisk - ok
17:32:17.0171 3312  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:32:17.0171 3312  GEARAspiWDM - ok
17:32:17.0187 3312  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:32:17.0281 3312  Gpc - ok
17:32:17.0281 3312  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:32:17.0375 3312  HDAudBus - ok
17:32:17.0421 3312  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:32:17.0515 3312  helpsvc - ok
17:32:17.0546 3312  HidServ - ok
17:32:17.0609 3312  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:32:17.0687 3312  hkmsvc - ok
17:32:17.0703 3312  hpn - ok
17:32:17.0750 3312  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:32:17.0781 3312  HTTP - ok
17:32:17.0828 3312  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:32:17.0937 3312  HTTPFilter - ok
17:32:17.0937 3312  i2omgmt - ok
17:32:17.0953 3312  i2omp - ok
17:32:17.0968 3312  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:32:18.0062 3312  i8042prt - ok
17:32:18.0125 3312  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:32:18.0156 3312  idsvc - ok
17:32:18.0203 3312  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:32:18.0281 3312  Imapi - ok
17:32:18.0343 3312  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:32:18.0437 3312  ImapiService - ok
17:32:18.0437 3312  ini910u - ok
17:32:18.0640 3312  [ CDFD5A68A2E1CAA89C5C0E0B3CB98731 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:32:18.0781 3312  IntcAzAudAddService - ok
17:32:18.0875 3312  IntelIde - ok
17:32:18.0906 3312  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:32:19.0015 3312  Ip6Fw - ok
17:32:19.0046 3312  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:32:19.0171 3312  IpFilterDriver - ok
17:32:19.0187 3312  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:32:19.0296 3312  IpInIp - ok
17:32:19.0328 3312  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:32:19.0437 3312  IpNat - ok
17:32:19.0546 3312  [ 0CA8C2E721617AA2F923A8151C96FB33 ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
17:32:19.0578 3312  iPod Service - ok
17:32:19.0609 3312  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:32:19.0703 3312  IPSec - ok
17:32:19.0718 3312  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:32:19.0812 3312  IRENUM - ok
17:32:19.0843 3312  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:32:19.0937 3312  isapnp - ok
17:32:20.0046 3312  [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
17:32:20.0046 3312  JavaQuickStarterService - ok
17:32:20.0062 3312  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:32:20.0156 3312  Kbdclass - ok
17:32:20.0203 3312  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:32:20.0296 3312  kmixer - ok
17:32:20.0312 3312  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:32:20.0359 3312  KSecDD - ok
17:32:20.0390 3312  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:32:20.0421 3312  lanmanserver - ok
17:32:20.0468 3312  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:32:20.0500 3312  lanmanworkstation - ok
17:32:20.0515 3312  lbrtfdc - ok
17:32:20.0562 3312  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:32:20.0656 3312  LmHosts - ok
17:32:20.0671 3312  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
17:32:20.0687 3312  MBAMProtector - ok
17:32:20.0718 3312  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:32:20.0734 3312  MBAMScheduler - ok
17:32:20.0796 3312  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:32:20.0812 3312  MBAMService - ok
17:32:20.0921 3312  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
17:32:20.0937 3312  MDM - ok
17:32:20.0953 3312  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:32:21.0062 3312  Messenger - ok
17:32:21.0156 3312  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
17:32:21.0156 3312  Microsoft Office Groove Audit Service - ok
17:32:21.0171 3312  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:32:21.0281 3312  mnmdd - ok
17:32:21.0328 3312  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:32:21.0421 3312  mnmsrvc - ok
17:32:21.0468 3312  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:32:21.0578 3312  Modem - ok
17:32:21.0593 3312  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:32:21.0687 3312  Mouclass - ok
17:32:21.0703 3312  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:32:21.0796 3312  MountMgr - ok
17:32:21.0843 3312  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:32:21.0859 3312  MozillaMaintenance - ok
17:32:21.0875 3312  mraid35x - ok
17:32:21.0890 3312  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:32:21.0968 3312  MRxDAV - ok
17:32:22.0015 3312  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:32:22.0062 3312  MRxSmb - ok
17:32:22.0125 3312  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:32:22.0218 3312  MSDTC - ok
17:32:22.0234 3312  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:32:22.0312 3312  Msfs - ok
17:32:22.0375 3312  MSIServer - ok
17:32:22.0390 3312  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:32:22.0468 3312  MSKSSRV - ok
17:32:22.0500 3312  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:32:22.0609 3312  MSPCLOCK - ok
17:32:22.0640 3312  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:32:22.0750 3312  MSPQM - ok
17:32:22.0750 3312  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:32:22.0843 3312  mssmbios - ok
17:32:22.0875 3312  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:32:22.0984 3312  MSTEE - ok
17:32:23.0000 3312  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:32:23.0031 3312  MTsensor - ok
17:32:23.0046 3312  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:32:23.0078 3312  Mup - ok
17:32:23.0093 3312  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:32:23.0203 3312  NABTSFEC - ok
17:32:23.0265 3312  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:32:23.0375 3312  napagent - ok
17:32:23.0390 3312  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:32:23.0500 3312  NDIS - ok
17:32:23.0531 3312  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:32:23.0609 3312  NdisIP - ok
17:32:23.0640 3312  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:32:23.0671 3312  NdisTapi - ok
17:32:23.0703 3312  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:32:23.0796 3312  Ndisuio - ok
17:32:23.0812 3312  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:32:23.0906 3312  NdisWan - ok
17:32:23.0921 3312  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:32:23.0953 3312  NDProxy - ok
17:32:23.0968 3312  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:32:24.0062 3312  NetBIOS - ok
17:32:24.0078 3312  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:32:24.0171 3312  NetBT - ok
17:32:24.0218 3312  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:32:24.0312 3312  NetDDE - ok
17:32:24.0328 3312  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:32:24.0406 3312  NetDDEdsdm - ok
17:32:24.0453 3312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:32:24.0546 3312  Netlogon - ok
17:32:24.0578 3312  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
17:32:24.0671 3312  Netman - ok
17:32:24.0765 3312  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:32:24.0781 3312  NetTcpPortSharing - ok
17:32:24.0828 3312  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:32:24.0859 3312  Nla - ok
17:32:24.0875 3312  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:32:24.0968 3312  Npfs - ok
17:32:24.0984 3312  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:32:25.0093 3312  Ntfs - ok
17:32:25.0109 3312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:32:25.0187 3312  NtLmSsp - ok
17:32:25.0281 3312  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:32:25.0406 3312  NtmsSvc - ok
17:32:25.0421 3312  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:32:25.0531 3312  Null - ok
17:32:25.0828 3312  [ C190757A29A9BC0199032F353DD2557A ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:32:26.0093 3312  nv - ok
17:32:26.0171 3312  [ D875346596BD48D74AC9B9BE791B8D69 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:32:26.0203 3312  NVENETFD - ok
17:32:26.0234 3312  [ F02C1C5E84C37667ECD3EEA5958449BC ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:32:26.0265 3312  nvnetbus - ok
17:32:26.0343 3312  [ 8D64B827A6709C3D18F855619D7D89E9 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
17:32:26.0359 3312  NVSvc - ok
17:32:26.0390 3312  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:32:26.0515 3312  NwlnkFlt - ok
17:32:26.0531 3312  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:32:26.0656 3312  NwlnkFwd - ok
17:32:26.0734 3312  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:32:26.0812 3312  odserv - ok
17:32:26.0843 3312  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:32:26.0859 3312  ose - ok
17:32:26.0890 3312  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:32:26.0968 3312  Parport - ok
17:32:26.0984 3312  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:32:27.0078 3312  PartMgr - ok
17:32:27.0093 3312  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:32:27.0218 3312  ParVdm - ok
17:32:27.0234 3312  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:32:27.0312 3312  PCI - ok
17:32:27.0328 3312  PCIDump - ok
17:32:27.0328 3312  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:32:27.0437 3312  PCIIde - ok
17:32:27.0484 3312  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:32:27.0578 3312  Pcmcia - ok
17:32:27.0578 3312  PDCOMP - ok
17:32:27.0593 3312  PDFRAME - ok
17:32:27.0593 3312  PDRELI - ok
17:32:27.0609 3312  PDRFRAME - ok
17:32:27.0609 3312  perc2 - ok
17:32:27.0625 3312  perc2hib - ok
17:32:27.0656 3312  [ 444F122E68DB44C0589227781F3C8B3F ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
17:32:27.0656 3312  pfc ( UnsignedFile.Multi.Generic ) - warning
17:32:27.0656 3312  pfc - detected UnsignedFile.Multi.Generic (1)
17:32:27.0687 3312  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
17:32:27.0703 3312  PlugPlay - ok
17:32:27.0718 3312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:32:27.0812 3312  PolicyAgent - ok
17:32:27.0812 3312  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:32:27.0906 3312  PptpMiniport - ok
17:32:27.0921 3312  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
17:32:28.0015 3312  Processor - ok
17:32:28.0031 3312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:32:28.0109 3312  ProtectedStorage - ok
17:32:28.0125 3312  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:32:28.0218 3312  PSched - ok
17:32:28.0218 3312  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:32:28.0343 3312  Ptilink - ok
17:32:28.0343 3312  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:32:28.0359 3312  PxHelp20 - ok
17:32:28.0359 3312  ql1080 - ok
17:32:28.0375 3312  Ql10wnt - ok
17:32:28.0375 3312  ql12160 - ok
17:32:28.0390 3312  ql1240 - ok
17:32:28.0390 3312  ql1280 - ok
17:32:28.0406 3312  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:32:28.0515 3312  RasAcd - ok
17:32:28.0562 3312  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:32:28.0640 3312  RasAuto - ok
17:32:28.0671 3312  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:32:28.0750 3312  Rasl2tp - ok
17:32:28.0812 3312  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:32:28.0906 3312  RasMan - ok
17:32:28.0921 3312  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:32:29.0000 3312  RasPppoe - ok
17:32:29.0015 3312  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:32:29.0125 3312  Raspti - ok
17:32:29.0140 3312  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:32:29.0234 3312  Rdbss - ok
17:32:29.0234 3312  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:32:29.0359 3312  RDPCDD - ok
17:32:29.0406 3312  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:32:29.0453 3312  RDPWD - ok
17:32:29.0500 3312  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:32:29.0593 3312  RDSessMgr - ok
17:32:29.0609 3312  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:32:29.0703 3312  redbook - ok
17:32:29.0781 3312  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:32:29.0875 3312  RemoteAccess - ok
17:32:29.0906 3312  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:32:29.0984 3312  RpcLocator - ok
17:32:30.0015 3312  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
17:32:30.0078 3312  RpcSs - ok
17:32:30.0093 3312  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:32:30.0203 3312  RSVP - ok
17:32:30.0218 3312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:32:30.0312 3312  SamSs - ok
17:32:30.0328 3312  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:32:30.0421 3312  SCardSvr - ok
17:32:30.0468 3312  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:32:30.0562 3312  Schedule - ok
17:32:30.0593 3312  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:32:30.0671 3312  Secdrv - ok
17:32:30.0750 3312  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:32:30.0828 3312  seclogon - ok
17:32:30.0859 3312  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
17:32:30.0953 3312  SENS - ok
17:32:30.0968 3312  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:32:31.0062 3312  serenum - ok
17:32:31.0078 3312  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:32:31.0156 3312  Serial - ok
17:32:31.0171 3312  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:32:31.0265 3312  Sfloppy - ok
17:32:31.0328 3312  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:32:31.0421 3312  SharedAccess - ok
17:32:31.0453 3312  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:32:31.0468 3312  ShellHWDetection - ok
17:32:31.0468 3312  Simbad - ok
17:32:31.0687 3312  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:32:31.0796 3312  Skype C2C Service - ok
17:32:31.0906 3312  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
17:32:31.0921 3312  SkypeUpdate - ok
17:32:31.0984 3312  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:32:32.0093 3312  SLIP - ok
17:32:32.0093 3312  Sparrow - ok
17:32:32.0125 3312  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:32:32.0218 3312  splitter - ok
17:32:32.0265 3312  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:32:32.0296 3312  Spooler - ok
17:32:32.0312 3312  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:32:32.0421 3312  sr - ok
17:32:32.0468 3312  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:32:32.0578 3312  srservice - ok
17:32:32.0593 3312  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:32:32.0656 3312  Srv - ok
17:32:32.0703 3312  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:32:32.0796 3312  SSDPSRV - ok
17:32:32.0812 3312  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:32:32.0828 3312  ssmdrv - ok
17:32:32.0890 3312  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:32:32.0984 3312  stisvc - ok
17:32:33.0000 3312  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:32:33.0093 3312  streamip - ok
17:32:33.0109 3312  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:32:33.0203 3312  swenum - ok
17:32:33.0218 3312  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:32:33.0312 3312  swmidi - ok
17:32:33.0359 3312  SwPrv - ok
17:32:33.0375 3312  symc810 - ok
17:32:33.0390 3312  symc8xx - ok
17:32:33.0390 3312  sym_hi - ok
17:32:33.0390 3312  sym_u3 - ok
17:32:33.0421 3312  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:32:33.0515 3312  sysaudio - ok
17:32:33.0562 3312  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:32:33.0656 3312  SysmonLog - ok
17:32:33.0703 3312  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:32:33.0796 3312  TapiSrv - ok
17:32:33.0828 3312  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:32:33.0859 3312  Tcpip - ok
17:32:33.0890 3312  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:32:33.0968 3312  TDPIPE - ok
17:32:33.0984 3312  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:32:34.0093 3312  TDTCP - ok
17:32:34.0109 3312  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:32:34.0187 3312  TermDD - ok
17:32:34.0250 3312  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:32:34.0359 3312  TermService - ok
17:32:34.0406 3312  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:32:34.0421 3312  Themes - ok
17:32:34.0421 3312  TosIde - ok
17:32:34.0484 3312  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:32:34.0562 3312  TrkWks - ok
17:32:34.0609 3312  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:32:34.0703 3312  Udfs - ok
17:32:34.0703 3312  ultra - ok
17:32:34.0734 3312  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:32:34.0828 3312  Update - ok
17:32:34.0875 3312  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:32:34.0968 3312  upnphost - ok
17:32:35.0031 3312  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
17:32:35.0125 3312  UPS - ok
17:32:35.0156 3312  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:32:35.0250 3312  usbccgp - ok
17:32:35.0265 3312  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:32:35.0343 3312  usbehci - ok
17:32:35.0359 3312  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:32:35.0437 3312  usbhub - ok
17:32:35.0453 3312  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:32:35.0546 3312  usbohci - ok
17:32:35.0562 3312  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:32:35.0656 3312  usbprint - ok
17:32:35.0656 3312  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:32:35.0734 3312  usbscan - ok
17:32:35.0765 3312  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:32:35.0859 3312  USBSTOR - ok
17:32:35.0875 3312  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:32:35.0968 3312  VgaSave - ok
17:32:35.0968 3312  ViaIde - ok
17:32:35.0984 3312  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:32:36.0078 3312  VolSnap - ok
17:32:36.0140 3312  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:32:36.0234 3312  VSS - ok
17:32:36.0265 3312  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:32:36.0359 3312  W32Time - ok
17:32:36.0375 3312  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:32:36.0453 3312  Wanarp - ok
17:32:36.0468 3312  WDICA - ok
17:32:36.0484 3312  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:32:36.0562 3312  wdmaud - ok
17:32:36.0593 3312  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:32:36.0687 3312  WebClient - ok
17:32:36.0734 3312  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:32:36.0828 3312  winmgmt - ok
17:32:36.0921 3312  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Programme\Windows Live\installer\WLSetupSvc.exe
17:32:36.0953 3312  WLSetupSvc - ok
17:32:37.0000 3312  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:32:37.0015 3312  WmdmPmSN - ok
17:32:37.0046 3312  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:32:37.0125 3312  WmiAcpi - ok
17:32:37.0171 3312  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:32:37.0265 3312  WmiApSrv - ok
17:32:37.0359 3312  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
17:32:37.0421 3312  WMPNetworkSvc - ok
17:32:37.0484 3312  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:32:37.0578 3312  wscsvc - ok
17:32:37.0593 3312  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:32:37.0703 3312  WSTCODEC - ok
17:32:37.0765 3312  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:32:37.0859 3312  wuauserv - ok
17:32:37.0890 3312  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:32:37.0921 3312  WudfPf - ok
17:32:37.0937 3312  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:32:37.0968 3312  WudfRd - ok
17:32:38.0000 3312  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:32:38.0031 3312  WudfSvc - ok
17:32:38.0093 3312  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:32:38.0234 3312  WZCSVC - ok
17:32:38.0281 3312  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:32:38.0390 3312  xmlprov - ok
17:32:38.0437 3312  [ 7481637A50A0468CF46C719672BC7EAA ] ZSMC301b        C:\WINDOWS\system32\Drivers\usbVM31b.sys
17:32:38.0468 3312  ZSMC301b - ok
17:32:38.0468 3312  ================ Scan global ===============================
17:32:38.0562 3312  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:32:38.0609 3312  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:32:38.0656 3312  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:32:38.0671 3312  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:32:38.0687 3312  [Global] - ok
17:32:38.0687 3312  ================ Scan MBR ==================================
17:32:38.0687 3312  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:32:38.0937 3312  \Device\Harddisk0\DR0 - ok
17:32:38.0937 3312  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
17:32:39.0296 3312  \Device\Harddisk1\DR2 - ok
17:32:39.0312 3312  [ 1BC352326C6E3A3D5B74CD6270878046 ] \Device\Harddisk2\DR3
17:34:33.0187 3312  \Device\Harddisk2\DR3 - ok
17:34:33.0187 3312  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR14
17:34:33.0515 3312  \Device\Harddisk7\DR14 - ok
17:34:33.0531 3312  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk8\DR15
17:34:34.0062 3312  \Device\Harddisk8\DR15 - ok
17:34:34.0062 3312  ================ Scan VBR ==================================
17:34:34.0062 3312  [ 8809B53C00113EE41CBA59E864E2D959 ] \Device\Harddisk0\DR0\Partition1
17:34:34.0062 3312  \Device\Harddisk0\DR0\Partition1 - ok
17:34:34.0062 3312  [ E692ECCBE3986F5DA2352DF19BE85D37 ] \Device\Harddisk1\DR2\Partition1
17:34:34.0062 3312  \Device\Harddisk1\DR2\Partition1 - ok
17:34:34.0078 3312  [ 30F613419E2A678A9F401460E78C41A6 ] \Device\Harddisk7\DR14\Partition1
17:34:34.0078 3312  \Device\Harddisk7\DR14\Partition1 - ok
17:34:34.0078 3312  [ B486A17BAFF8BFBCD9843EC83F157E58 ] \Device\Harddisk8\DR15\Partition1
17:34:34.0078 3312  \Device\Harddisk8\DR15\Partition1 - ok
17:34:34.0078 3312  ============================================================
17:34:34.0078 3312  Scan finished
17:34:34.0078 3312  ============================================================
17:34:34.0187 3324  Detected object count: 2
17:34:34.0187 3324  Actual detected object count: 2
17:35:06.0421 3324  cdrbsvsd ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:06.0421 3324  cdrbsvsd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:35:06.0437 3324  pfc ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:06.0437 3324  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Edited by raethkey (04.10.2012 at 16:39) Reason: addition
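The TDSSKiller log posted above runs to well over a thousand lines, and the only parts that matter for triage are the handful of objects that did not come back "ok" and the MBR/VBR hashes. The following is an added example (not part of this thread and not TDSSKiller's own code) that parses that log layout into per-object records and lists the flagged ones. The sample input is an excerpt copied from the log above; the two regular expressions assume exactly the line layout shown there (timestamp, thread id, an optional `[ MD5 ]` block, the object name, and the path or verdict), which is an assumption about this one version of the tool's output.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout. The lines are copied from the
# log posted above (same hashes and paths) and are only a small excerpt of it.
SAMPLE_LOG = r"""
17:32:27.0656 3312  [ 444F122E68DB44C0589227781F3C8B3F ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
17:32:27.0656 3312  pfc ( UnsignedFile.Multi.Generic ) - warning
17:32:27.0656 3312  pfc - detected UnsignedFile.Multi.Generic (1)
17:32:27.0687 3312  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
17:32:27.0703 3312  PlugPlay - ok
17:32:31.0687 3312  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:32:31.0796 3312  Skype C2C Service - ok
17:32:38.0687 3312  ================ Scan MBR ==================================
17:32:38.0687 3312  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:32:38.0937 3312  \Device\Harddisk0\DR0 - ok
17:34:34.0187 3324  Detected object count: 2
17:35:06.0421 3324  cdrbsvsd ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:06.0421 3324  cdrbsvsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "<time> <tid>  [ <MD5> ] <name> <path>"; disk objects have only a \Device path.
# Object names may contain spaces, so the path is recognised by its prefix.
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?:(?P<name>.+?)\s+)?(?P<path>[A-Za-z]:\\.*?|\\Device\\.*?)\s*$"
)
# "<time> <tid>  <name> [( <verdict> )] - <status>"
STATUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)"
    r"(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    statuses: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Collect one Entry per scanned object (service, driver, MBR, VBR ...)."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Disk objects ("\Device\Harddisk0\DR0") carry no separate name: key them by path.
            name = m.group("name") or m.group("path")
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = m.group("md5"), m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.statuses.append(m.group("status"))
            if m.group("verdict"):
                e.verdict = m.group("verdict")
    return entries


def flagged(entries: Dict[str, Entry]) -> List[str]:
    """Names of objects that received a verdict or any status other than 'ok'."""
    return sorted(n for n, e in entries.items()
                  if e.verdict or any(s != "ok" for s in e.statuses))


def detected_count(text: str) -> Optional[int]:
    """The scanner's own 'Detected object count' summary, if the log has one."""
    m = re.search(r"Detected object count: (\d+)", text)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    for name in flagged(entries):
        e = entries[name]
        print(f"{name}: verdict={e.verdict} md5={e.md5} path={e.path} statuses={e.statuses}")
    print("detected objects reported by scanner:", detected_count(SAMPLE_LOG))
```

Run against the full log, `flagged()` yields the two UnsignedFile.Multi.Generic objects (cdrbsvsd and pfc) and nothing else, which matches the scanner's own "Detected object count: 2". The MD5 kept on each entry is what you would look up against a known-good driver inventory; an unsigned-file verdict on its own only says the file carries no Authenticode signature, not that it is malicious.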

04.10.2012, 19:13   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your reply ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

04.10.2012, 20:36   #25
raethkey

Hi Cosinus!

I followed everything exactly as you wrote it. After ComboFix finished, only the window and my desktop background were left. No taskbar any more, nothing left on the desktop (no icons). So I shut the computer down and started it up again. But now I can't find the txt file any more, even after searching all of C: ..

How do I find it again?

Best regards, ANDY

05.10.2012, 11:14   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Delete the old combofix.exe, download CF again and please try once more.
__________________
Please always post logfiles in CODE tags

05.10.2012, 15:01   #27
raethkey

Hi Cosinus!

I think ComboFix somehow isn't working properly for me.. the only thing I get is this:

Autoscan:

Suche nach infizierten Dateien:
Dies dauert in der Regel nicht länger als 10 Min, bei stark infizierten Rechnern kann sich die Zeit leicht verdoppeln..

Fertiggestellt Stufe_1
.
.
.
Fertiggestellt Stufe_50

Lösche Ordner
C:\Dokumente und Einstellungen\Mumsi\4.0
_ (cursor blinks and nothing more happens; I waited half an hour)
That's it.. I took a screenshot, but unfortunately I can't send it to you, because at 42.7 KB the file is too large to upload..

I'm getting a bit desperate.. What should I do? Am I doing something wrong?

I closed all programs, even the Windows Firewall, and didn't touch a key or the mouse..

Any ideas or alternatives?

Best regards,

ANDY

05.10.2012, 15:05   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Let's just leave CF out

Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: to unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive for OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    From Windows Vista (or higher), please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: do not press any of the Fix buttons without instructions

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



One more note: if aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan" and click the Scan button again.
__________________
Please always post logfiles in CODE tags

05.10.2012, 16:21   #29
raethkey

ok, done - here are the results:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-05 16:41:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD5000AAJS-00YFA0 rev.12.01C02
Running: Gmer.exe; Driver: C:\DOKUME~1\Mumsi\LOKALE~1\Temp\fgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT            B952AC84                                                                                                                                     ZwClose
SSDT            B952AC3E                                                                                                                                     ZwCreateKey
SSDT            B952AC8E                                                                                                                                     ZwCreateSection
SSDT            B952AC34                                                                                                                                     ZwCreateThread
SSDT            B952AC43                                                                                                                                     ZwDeleteKey
SSDT            B952AC4D                                                                                                                                     ZwDeleteValueKey
SSDT            B952AC7F                                                                                                                                     ZwDuplicateObject
SSDT            B952AC52                                                                                                                                     ZwLoadKey
SSDT            B952AC20                                                                                                                                     ZwOpenProcess
SSDT            B952AC25                                                                                                                                     ZwOpenThread
SSDT            B952ACA7                                                                                                                                     ZwQueryValueKey
SSDT            B952AC5C                                                                                                                                     ZwReplaceKey
SSDT            B952AC98                                                                                                                                     ZwRequestWaitReplyPort
SSDT            B952AC57                                                                                                                                     ZwRestoreKey
SSDT            B952AC93                                                                                                                                     ZwSetContextThread
SSDT            B952AC9D                                                                                                                                     ZwSetSecurityObject
SSDT            B952AC48                                                                                                                                     ZwSetValueKey
SSDT            B952ACA2                                                                                                                                     ZwSystemDebugControl
SSDT            B952AC2F                                                                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                     section is writeable [0xB9645360, 0x307F47, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                           15
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                              10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                            yes
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                           
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                           90
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                             10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs                                                                   1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J@BaseClass                                                             Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f64-a99e-11dc-af9b-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f64-a99e-11dc-af9b-806d6172696f}\_Autorun                         
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f64-a99e-11dc-af9b-806d6172696f}\_Autorun\DefaultIcon             
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f64-a99e-11dc-af9b-806d6172696f}\_Autorun\DefaultIcon@            D:\setup.exe,0
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f65-a99e-11dc-af9b-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f66-a99e-11dc-af9b-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f67-a99e-11dc-af9b-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ac8f68-a99e-11dc-af9b-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{059a4764-b549-11e1-a6a3-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d463ccc-b8d0-11dc-a096-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8287d6-08d9-11de-a1ff-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun@                   Auto&Play
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command@           C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command@          Recycled\ctfmon.exe
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03e450-f719-11de-a365-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b96ecbe-0334-11dd-a0d4-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99b979ce-b7b0-11dc-a091-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}@_CommentFromDesktopINI           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da4-8ea1-11dc-8a01-001d6080fcb8}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da5-8ea1-11dc-8a01-001d6080fcb8}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da6-8ea1-11dc-8a01-001d6080fcb8}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da7-8ea1-11dc-8a01-001d6080fcb8}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae83da8-8ea1-11dc-8a01-001d6080fcb8}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac646ae9-78cf-11e0-a507-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5de27fa-b97a-11dc-a09b-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4472024-9088-11e0-a537-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a8d290-17d1-11de-a21d-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf328e90-8ea4-11dc-8079-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf328e91-8ea4-11dc-8079-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf328e91-8ea4-11dc-8079-806d6172696f}\_Autorun                         
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf328e91-8ea4-11dc-8079-806d6172696f}\_Autorun\DefaultIcon             
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf328e91-8ea4-11dc-8079-806d6172696f}\_Autorun\DefaultIcon@            D:\CyberLink.ico,0
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf328e92-8ea4-11dc-8079-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301c8-b6f7-11dc-a08d-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301c9-b6f7-11dc-a08d-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301c9-b6f7-11dc-a08d-806d6172696f}\_Autorun                         
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301c9-b6f7-11dc-a08d-806d6172696f}\_Autorun\DefaultIcon             
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301c9-b6f7-11dc-a08d-806d6172696f}\_Autorun\DefaultIcon@            D:\SETUP.EXE,0
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301ca-b6f7-11dc-a08d-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301cb-b6f7-11dc-a08d-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301cc-b6f7-11dc-a08d-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a301cd-b6f7-11dc-a08d-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d639da38-035f-11dd-a0d7-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de13dbbc-0cc6-11e2-a6f9-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed2ba7ac-e7db-11dc-b48b-806d6172696f}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}@BaseClass                        Drive
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}\shell                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}\shell@                           None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}\shell\Autoplay                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}\shell\Autoplay@MUIVerb           @shell32.dll,-8504
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}\shell\Autoplay\DropTarget        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ea0b2a-f25e-11de-a350-001d60a1552b}\shell\Autoplay\DropTarget@CLSID  {f26a669a-bcbb-4e37-abf9-7325da15f931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc30ac6-3c7e-11e1-a619-001d60a1552b}@BaseClass                        Drive

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:57:31 on 05.10.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
"NVCPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVCPL.CPL
"NVTUICPL.CPL" - "NVIDIA Corporation" - C:\WINDOWS\system32\NVTUICPL.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira Operations GmbH & Co. KG" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira Operations GmbH & Co. KG" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira Operations GmbH & Co. KG" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Mumsi\LOKALE~1\Temp\catchme.sys  (File not found)
"cdrbsvsd" (cdrbsvsd) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsvsd.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fgtdapow" (fgtdapow) - ? - C:\DOKUME~1\Mumsi\LOKALE~1\Temp\fgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Yahoo! Companion" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Yahoo! Companion" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"TrayMin315.exe.lnk" - ? - C:\Programme\Philips\Philips SPC315NC Webcam\TrayMin315.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Mumsi\Startmenü\Programme\Autostart\DESKTOP.INI
"Picture Motion Browser Medien-Prüfung.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"mmtask" - ? - c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe  (File not found)
"NeroCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"OpwareSE4" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\WINDOWS\system32\pdfcmon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit-Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---


Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 16:58:48
-----------------------------
16:58:48.781    OS Version: Windows 5.1.2600 Service Pack 3
16:58:48.781    Number of processors: 2 586 0x6B02
16:58:48.781    ComputerName: LIZZY  UserName: Mumsi
16:58:50.515    Initialize success
16:59:36.468    AVAST engine defs: 12100501
16:59:54.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
16:59:54.484    Disk 0 Vendor: WDC_WD5000AAJS-00YFA0 12.01C02 Size: 476940MB BusType: 3
16:59:54.500    Disk 0 MBR read successfully
16:59:54.500    Disk 0 MBR scan
16:59:54.531    Disk 0 Windows XP default MBR code
16:59:54.531    Disk 0 Partition 1 80 (A) 0C    FAT32 LBA            476937 MB offset 63
16:59:54.562    Disk 0 scanning sectors +976768065
16:59:54.609    Disk 0 scanning C:\WINDOWS\system32\drivers
17:00:03.609    Service scanning
17:00:14.062    Modules scanning
17:00:15.796    Disk 0 trace - called modules:
17:00:15.812    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
17:00:15.812    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae14ab8]
17:00:15.812    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8ae2bf18]
17:00:15.812    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8ae15d98]
17:00:17.421    AVAST engine scan C:\WINDOWS
17:00:35.578    AVAST engine scan C:\WINDOWS\system32
17:03:12.609    AVAST engine scan C:\WINDOWS\system32\drivers
17:03:31.296    AVAST engine scan C:\Dokumente und Einstellungen\Mumsi
17:13:37.609    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:14:16.656    Scan finished successfully
17:16:38.984    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Mumsi\Desktop\MBR.dat"
17:16:38.984    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Mumsi\Desktop\aswMBR.txt"
         

Alt 05.10.2012, 18:11   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a final check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags
