Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner/Virus GVU Version 2.11

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.02.2013, 18:18   #1
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hallo,

ich habe mir gestern den BKA Trojaner GVU Version 2.11 eingefangen.
Ich habe schon versucht den Laptop im Abgesicherten Modus zu starten und hab bereits die Registry durchsucht, leider ohne Erfolg.

Habe heute auch schon mehrer Stunden mit verschiedenen Rescue CDs ausprobiert.
Ich habe mir eine OLTPE Bootcd angelegt und den Scanner durchlaufen lassen.

Ich wäre sehr dankbar wenn mir jemand helfen könnte.


Hier die Auswertung der beiden Logfiles:

Extra.txt

OTL Extras logfile created on: 2/13/2013 5:59:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,023.00 Mb Total Physical Memory | 729.00 Mb Available Physical Memory | 71.00% Memory free
907.00 Mb Paging File | 813.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55.89 Gb Total Space | 10.37 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\InterVideo\DVD5\WinDVD.exe" = C:\Programme\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe" = C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe:*:Enabled:OneSpace Designer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*isabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*isabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B41EC7-1C7E-4B94-AD0B-B51273C4C616}" = GOelan
"{06CA7E0A-0E71-44CD-A32E-8F59704A360B}" = GOelan Solid Importer 2009
"{07E7EFE7-3D94-4D29-B83C-B81137199C1A}" = CoCreate OneSpace 3D Access 2007
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D026738-9CC6-4D24-A1B4-FFBA9D59C746}" = CoCreate 3D Access 2008 - 16.0.1.65
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{514405D1-B3DE-482F-90EC-29D9272F2424}" = CoCreate OneSpace Designer Modeling 2006
"{53480250-325A-41FE-9F60-1E3DEA1D2BD8}" = O&O CleverCache Professional Edition
"{5402BE47-9E53-463F-BC61-76AF0F91D8BB}" = CoCreate 3D Access 17.0
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4A8570-F6A7-11D4-BAD8-000102A2E03A}" = Lexware Online Banking
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FireGL Control Panel
"{92746D91-8107-4481-A3C4-D36B22B720A4}" = CoCreate OneSpace Designer Drafting 12.01d
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B668CB7B-A9DF-43B6-8876-A373A8E1D438}" = HP Mobile Printing
"{B78DFC4B-B7B5-46A4-9231-D454737B1AC0}" = CoCreate OneSpace Designer Modeling 2005
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E462A9AD-3376-4362-92CA-832E0F58C6CC}" = CoCreate License Server 14.0.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2545484-7B1C-484A-89B8-B0F8B38BC67F}" = O2Micro SmartCardBus Reader Windows Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{FAE396F4-6684-4BAF-80B2-9B669C39540B}" = CoCreate OneSpace Designer Drafting 2006
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.13" = AFPL Ghostscript 8.13
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Creative Jukebox Driver" = Creative Jukebox Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOelan" = GOelan V5
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 5.5.2 Q:16_is1" = ImageMagick 5.5.2 Q:16 Beta (November 10, 2002)
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InterActual Player" = InterActual Player
"ISDN CAPI Port" = ISDN CAPI Port
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonLive" = NortonLive
"Notepad++" = Notepad++
"PMDeinstKey" = Production Milling V10.0
"PrintKey2000" = PrintKey2000
"QuickBooks 2002" = QuickBooks 2002
"ST6UNST #1" = BatchPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Videoload Manager" = Videoload Manager 1.0.1095
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

< End of report >



OTL.txt

OTL logfile created on: 2/13/2013 5:59:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,023.00 Mb Total Physical Memory | 729.00 Mb Available Physical Memory | 71.00% Memory free
907.00 Mb Paging File | 813.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55.89 Gb Total Space | 10.37 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\Administrator\3748115.dll -- (winmgmt)
SRV - [2013/02/08 11:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/02/15 14:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/01/18 07:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007/04/27 01:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/26 19:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006/12/27 18:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006/03/01 09:26:40 | 006,410,240 | ---- | M] () [Auto] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 09:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/04/11 08:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand] -- -- (SYMIDS)
DRV - File not found [Kernel | On_Demand] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand] -- -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand] -- -- (SANDRA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/01/24 10:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/24 10:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/24 10:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/23 10:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130209.002\IDSxpx86.sys -- (IDSxpx86)
DRV - [2013/01/15 21:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/30 23:29:23 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/07 22:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS -- (SRTSP)
DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/03/29 01:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SYMTDI.SYS -- (SYMTDI)
DRV - [2012/03/29 01:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012/03/29 01:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012/03/29 01:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/03/29 01:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\Ironx86.SYS -- (SymIRON)
DRV - [2008/10/21 03:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 03:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 03:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 03:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 03:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 03:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 03:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/09 06:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/12/10 08:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 08:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 08:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 08:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 08:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 08:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 08:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/04/27 01:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 01:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/12/27 18:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006/12/27 18:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006/06/08 03:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/11/05 04:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/04 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/08 05:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/06/03 06:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/05/17 19:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/04/14 01:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/12/02 17:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/09/18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/08/04 21:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003/07/28 19:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003/07/24 09:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003/07/03 12:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/06/06 05:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/05/30 11:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/05/28 11:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/03/26 05:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002/02/20 08:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001/08/17 21:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000/09/07 00:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) Teledat USB 2 a/b (Win2000)
DRV - [2000/09/07 00:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998/08/06 18:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\Administrator_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>




========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008/03/19 14:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:14:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/08/07 22:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/02/13 09:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2011/09/11 12:33:33 | 000,000,000 | ---D | M]

[2010/06/01 10:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010/06/01 10:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010/09/04 07:37:49 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2005/06/19 10:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [Performance Center] File not found
O4 - HKU\Administrator_ON_C..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier [2013/01/20 23:37:57 | 000,000,000 | ---D | M]
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\style2: DllName - C:\WINDOWS\q286592_disk.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2fe9fb01-506e-11d9-8216-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe9fb01-506e-11d9-8216-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2fe9fb01-506e-11d9-8216-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/02/13 17:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/02/13 17:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/12 12:46:32 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll
[2013/02/08 11:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/13 11:21:34 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad
[2013/02/13 11:21:31 | 000,002,876 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js
[2013/02/13 11:21:31 | 000,000,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/13 11:21:19 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job
[2013/02/13 11:20:48 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini
[2013/02/13 11:20:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/13 11:20:22 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 09:25:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll
[2013/02/12 12:14:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 12:08:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/10 05:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013/02/10 04:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013/02/10 04:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton 360
[2013/02/10 04:44:13 | 000,758,531 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013/02/10 04:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013/02/09 03:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013/02/09 03:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013/02/09 03:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
[2013/02/09 01:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013/02/08 11:09:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/08 11:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/08 11:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/08 10:16:03 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2013/02/04 00:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013/02/03 05:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013/02/02 05:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013/02/02 01:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013/01/25 11:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/13 11:21:31 | 000,002,876 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js
[2013/02/13 11:21:30 | 000,000,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/13 10:49:25 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/12 12:48:07 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad
[2012/02/17 06:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/16 09:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/06/16 09:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/05 11:27:20 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/04/23 05:15:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010/03/07 12:29:35 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2009/11/05 13:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2008/04/02 11:52:23 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/04/02 11:52:23 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2008/04/02 11:52:23 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2008/03/22 07:07:18 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2007/10/05 09:45:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/05/18 08:41:57 | 000,000,210 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/03/07 13:39:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Hooks.dll
[2006/11/20 06:29:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/11/20 06:29:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/11/20 06:29:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/11/20 06:29:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/11/20 06:29:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/11/20 06:29:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/11/11 09:12:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/10/13 04:25:17 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/06/13 09:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/05/05 06:03:14 | 000,010,249 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2006/01/11 12:22:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/01/11 12:22:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/11 12:22:29 | 000,006,067 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2005/09/19 07:44:12 | 000,002,447 | ---- | C] () -- C:\WINDOWS\FESTO.INI
[2005/07/07 03:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005/06/19 13:27:02 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/06/19 07:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005/03/02 03:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005/03/02 03:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005/03/02 03:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005/03/02 03:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005/03/02 03:24:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cam.ini
[2005/01/18 03:49:23 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2005/01/18 03:38:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\cclsi.ini
[2005/01/13 05:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005/01/13 04:57:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2005/01/13 03:37:00 | 000,012,467 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/13 03:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/11 18:41:49 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2005/01/11 18:41:49 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/01/11 18:11:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/11 18:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005/01/11 18:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005/01/11 18:02:19 | 000,002,396 | ---- | C] () -- C:\WINDOWS\COMM.INI
[2005/01/11 18:02:19 | 000,000,795 | ---- | C] () -- C:\WINDOWS\EDPLUS.INI
[2005/01/11 18:02:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MACHDEF.INI
[2005/01/11 18:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005/01/11 18:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005/01/11 18:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005/01/11 18:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005/01/11 18:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005/01/11 18:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005/01/11 18:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005/01/11 18:02:11 | 000,001,378 | ---- | C] () -- C:\WINDOWS\smartcam.ini
[2005/01/11 18:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2005/01/11 17:50:41 | 000,000,062 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/10/22 02:46:36 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/10/22 02:46:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/10/21 18:08:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/10/21 18:07:35 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 18:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/08/07 04:38:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 04:38:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 04:30:28 | 000,463,382 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/07 04:30:28 | 000,444,848 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 04:30:28 | 000,086,226 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/07 04:30:28 | 000,072,724 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 04:29:08 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 04:22:56 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 04:17:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 04:14:30 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000/09/07 00:11:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\capi2032.dll

========== LOP Check ==========

[2004/12/18 00:55:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\InterTrust
[2012/09/11 02:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM
[2008/04/18 10:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\cadenas
[2007/06/12 11:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2011/02/10 12:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CoCreate
[2007/10/05 09:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DWGeditor
[2007/05/09 13:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ectaco
[2004/12/18 00:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2005/01/11 18:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2012/02/06 05:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++
[2006/02/27 04:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OD2
[2012/11/01 02:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong
[2007/12/15 09:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sldIM
[2009/12/05 05:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2009/12/05 09:28:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software
[2009/12/05 05:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup
[2006/11/11 10:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-DSL SpeedManager
[2011/08/20 22:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tific
[2010/06/01 10:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom
[2008/01/24 14:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2010/03/14 04:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\371AC
[2010/04/23 05:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2009/03/22 01:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012/11/01 02:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius
[2008/03/19 14:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD
[2008/03/19 14:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM
[2006/01/11 12:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2009/08/14 01:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012/09/11 01:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2012/11/01 01:51:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2005/07/07 01:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2010/06/01 10:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008/01/24 14:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008/10/07 02:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/14 02:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\01005.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\01007.job
[2013/02/09 03:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\01008.job
[2013/01/25 11:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\pos05.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\pos07.job
[2013/02/09 03:00:00 | 000,000,196 | ---- | M] () -- C:\WINDOWS\Tasks\pos08.job

========== Purity Check ==========


< End of report >

Alt 13.02.2013, 23:50   #2
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hallo schorsch0788 und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
    • .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • .. installiere oder deinstalliere während der Bereinigung keine Software.
    • .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).
  • Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
    • Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
    • Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.
Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.



Im ersten Schritt versuchen wir den Sperrbildschirm zu entfernen. Danach solltest du Windows wieder normal aufstarten können.


Schritt 1
  • Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
[2013/02/13 11:21:34 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad
[2013/02/13 11:21:31 | 000,002,876 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js
[2013/02/13 11:21:31 | 000,000,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/12 12:46:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\3748115.dll

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
         
  • Klicke jetzt auf den Fix Button.
  • Starte danach den Rechner neu und versuche in den normalen Modus von Windows zu booten.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\OTL\MovedFiles\<time_date.log>)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Falls du wieder normal starten kannst, führe noch folgende Schritte durch:

Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Show all
  • Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTLPE
  • Log von Gmer
  • Logs von OTL
__________________

__________________

Alt 15.02.2013, 13:30   #3
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hallo Leo, danke schon einmal für deine Hilfe.

Hier die logfiles:

Fixlog von OTLPE:

Code:
ATTFilter
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.pad moved successfully.
File move failed. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js scheduled to be moved on reboot.
File move failed. C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Administrator\3748115.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winmgmt\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02142013_071214

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5118473.js not found!
File\Folder C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk not found!

Registry entries deleted on Reboot...
         
Log von Gmer:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 12:59:12
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS726060M9AT00 rev.MH4OA6AA 55,89GB
Running: s47kmiuh.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgtdypog.sys


---- System - GMER 2.1 ----

SSDT                                                                                                                                  869AE948                                                                                                                              ZwAlertResumeThread
SSDT                                                                                                                                  869DC940                                                                                                                              ZwAlertThread
SSDT                                                                                                                                  86BD8978                                                                                                                              ZwAllocateVirtualMemory
SSDT                                                                                                                                  8698CA50                                                                                                                              ZwAssignProcessToJobObject
SSDT                                                                                                                                  86C4F5B8                                                                                                                              ZwConnectPort
SSDT                                                                                                                                  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                            ZwCreateKey [0xA3FDDD40]
SSDT                                                                                                                                  86B8B908                                                                                                                              ZwCreateMutant
SSDT                                                                                                                                  86987A00                                                                                                                              ZwCreateSymbolicLinkObject
SSDT                                                                                                                                  86D3F798                                                                                                                              ZwCreateThread
SSDT                                                                                                                                  86F76470                                                                                                                              ZwDebugActiveProcess
SSDT                                                                                                                                  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                            ZwDeleteKey [0xA3FDDFC0]
SSDT                                                                                                                                  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                            ZwDeleteValueKey [0xA3FDE680]
SSDT                                                                                                                                  869E49D0                                                                                                                              ZwDuplicateObject
SSDT                                                                                                                                  86BF3600                                                                                                                              ZwFreeVirtualMemory
SSDT                                                                                                                                  86D15AB0                                                                                                                              ZwImpersonateAnonymousToken
SSDT                                                                                                                                  86AEECE0                                                                                                                              ZwImpersonateThread
SSDT                                                                                                                                  86C10250                                                                                                                              ZwLoadDriver
SSDT                                                                                                                                  869A9D00                                                                                                                              ZwMapViewOfSection
SSDT                                                                                                                                  86D5ECD8                                                                                                                              ZwOpenEvent
SSDT                                                                                                                                  86E9FDC0                                                                                                                              ZwOpenProcess
SSDT                                                                                                                                  86B6A488                                                                                                                              ZwOpenProcessToken
SSDT                                                                                                                                  86EE60A8                                                                                                                              ZwOpenSection
SSDT                                                                                                                                  86E67930                                                                                                                              ZwOpenThread
SSDT                                                                                                                                  86989A40                                                                                                                              ZwProtectVirtualMemory
SSDT                                                                                                                                  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                            ZwRenameKey [0xA3FDEBF0]
SSDT                                                                                                                                  86B98D20                                                                                                                              ZwResumeThread
SSDT                                                                                                                                  86B888E8                                                                                                                              ZwSetContextThread
SSDT                                                                                                                                  86AD4920                                                                                                                              ZwSetInformationProcess
SSDT                                                                                                                                  86E61550                                                                                                                              ZwSetSystemInformation
SSDT                                                                                                                                  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                            ZwSetValueKey [0xA3FDE910]
SSDT                                                                                                                                  86EA2558                                                                                                                              ZwSuspendProcess
SSDT                                                                                                                                  86BF2650                                                                                                                              ZwSuspendThread
SSDT                                                                                                                                  86EE9EC0                                                                                                                              ZwTerminateProcess
SSDT                                                                                                                                  86AD48E8                                                                                                                              ZwTerminateThread
SSDT                                                                                                                                  86BA3CD8                                                                                                                              ZwUnmapViewOfSection
SSDT                                                                                                                                  86BA3D10                                                                                                                              ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text                                                                                                                                 ntoskrnl.exe!_abnormal_termination + 7C                                                                                               804E26E8 8 Bytes  [48, E9, 9A, 86, 40, C9, 9D, ...]
.text                                                                                                                                 ntoskrnl.exe!_abnormal_termination + 15C                                                                                              804E27C8 1 Byte  [D0]
.text                                                                                                                                 ntoskrnl.exe!_abnormal_termination + 234                                                                                              804E28A0 8 Bytes  [C0, FD, E9, 86, 88, A4, B6, ...]
.text                                                                                                                                 ntoskrnl.exe!_abnormal_termination + 3A0                                                                                              804E2A0C 4 Bytes  CALL D8D4E299 
.text                                                                                                                                 ntoskrnl.exe!_abnormal_termination + 428                                                                                              804E2A94 4 Bytes  JMP FD1DCE96 
.text                                                                                                                                 ...                                                                                                                                   
?                                                                                                                                     SYMDS.SYS                                                                                                                             Das System kann die angegebene Datei nicht finden. !
?                                                                                                                                     SYMEFA.SYS                                                                                                                            Das System kann die angegebene Datei nicht finden. !
init                                                                                                                                  C:\WINDOWS\system32\drivers\o2mmb.sys                                                                                                 entry point in "init" section [0xF55BB320]
init                                                                                                                                  C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS                                                                                                entry point in "init" section [0xF78DAB12]
.text                                                                                                                                 C:\WINDOWS\system32\drivers\hardlock.sys                                                                                              section is writeable [0xA383B400, 0x7A186, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA38D9A20]  C:\WINDOWS\system32\drivers\hardlock.sys                                                                                              entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA38D9A20]
.protectÿÿÿÿhardlockunknown last code section [0xA38D9800, 0x5041, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys                                                                                              unknown last code section [0xA38D9800, 0x5041, 0xE0000020]

---- Devices - GMER 2.1 ----

Device                                                                                                                                                                                                                                                                      Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                                                                                                                                                                                                                                                      Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice                                                                                                                        \Driver\Tcpip \Device\Ip                                                                                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass0                                                                                               SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass0                                                                                               mouclass.sys (Mausklassentreiber/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass0                                                                                               EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass1                                                                                               SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass1                                                                                               EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice                                                                                                                        \Driver\Tcpip \Device\Tcp                                                                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice                                                                                                                        \Driver\Tcpip \Device\Udp                                                                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice                                                                                                                        \Driver\Tcpip \Device\RawIp                                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device                                                                                                                                                                                                                                                                      mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice                                                                                                                                                                                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice                                                                                                                                                                                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                       328218
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@LeaseObtainedTime           1360907818
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@T1                          1360909618
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@T2                          1360910968
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}@LeaseTerminatesTime         1360911418
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@LeaseObtainedTime                      1360907818
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@T1                                     1360909618
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@T2                                     1360910968
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\{DAB29EAB-D653-45BB-A638-EDA982420EEE}\Parameters\Tcpip@LeaseTerminatesTime                    1360911418

---- Files - GMER 2.1 ----

File                                                                                                                                  C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Music\Clandestino_ Esperando La Ultima Ola..\Dia Luna... Dia Pena.mp3  1445143 bytes

---- EOF - GMER 2.1 ----
         
--- --- ---


OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.02.2013 13:05:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 646,94 Mb Available Physical Memory | 63,22% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,91% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,81 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,21 Gb Free Space | 96,75% Space Free | Partition Type: FAT32
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
MOD - [2001.03.02 12:02:04 | 000,037,808 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130212.004\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130209.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com//web?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com//web?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=5
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.15 13:04:49 | 000,000,000 | ---D | M]
 
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SweetIM for Facebook = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SweetIM for Facebook = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-686225105-3868835699-3303831392-500..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O4 - HKU\S-1-5-21-686225105-3868835699-3303831392-500..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier [2013.01.21 05:37:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.08 17:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 13:08:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.15 13:03:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.15 13:03:06 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini
[2013.02.15 13:02:51 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job
[2013.02.15 13:02:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.15 13:02:23 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 12:14:43 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
[2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 06:52:24 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe
[2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013.02.10 10:44:13 | 000,758,531 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013.02.08 17:09:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 17:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.08 17:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.15 06:52:52 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe
[2013.02.13 16:49:25 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.02.2013 13:05:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 646,94 Mb Available Physical Memory | 63,22% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,91% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,81 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,21 Gb Free Space | 96,75% Space Free | Partition Type: FAT32
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\InterVideo\DVD5\WinDVD.exe" = C:\Programme\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe" = C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe:*:Enabled:OneSpace Designer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B41EC7-1C7E-4B94-AD0B-B51273C4C616}" = GOelan
"{06CA7E0A-0E71-44CD-A32E-8F59704A360B}" = GOelan Solid Importer 2009
"{07E7EFE7-3D94-4D29-B83C-B81137199C1A}" = CoCreate OneSpace 3D Access 2007
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D026738-9CC6-4D24-A1B4-FFBA9D59C746}" = CoCreate 3D Access 2008 - 16.0.1.65
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{514405D1-B3DE-482F-90EC-29D9272F2424}" = CoCreate OneSpace Designer Modeling 2006
"{53480250-325A-41FE-9F60-1E3DEA1D2BD8}" = O&O CleverCache Professional Edition
"{5402BE47-9E53-463F-BC61-76AF0F91D8BB}" = CoCreate 3D Access 17.0
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4A8570-F6A7-11D4-BAD8-000102A2E03A}" = Lexware Online Banking
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FireGL Control Panel
"{92746D91-8107-4481-A3C4-D36B22B720A4}" = CoCreate OneSpace Designer Drafting 12.01d
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B668CB7B-A9DF-43B6-8876-A373A8E1D438}" = HP Mobile Printing
"{B78DFC4B-B7B5-46A4-9231-D454737B1AC0}" = CoCreate OneSpace Designer Modeling 2005
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E462A9AD-3376-4362-92CA-832E0F58C6CC}" = CoCreate License Server 14.0.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2545484-7B1C-484A-89B8-B0F8B38BC67F}" = O2Micro SmartCardBus Reader Windows Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{FAE396F4-6684-4BAF-80B2-9B669C39540B}" = CoCreate OneSpace Designer Drafting 2006
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.13" = AFPL Ghostscript 8.13
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Creative Jukebox Driver" = Creative Jukebox Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOelan" = GOelan V5
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 5.5.2 Q:16_is1" = ImageMagick 5.5.2 Q:16 Beta (November 10, 2002)
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InterActual Player" = InterActual Player
"ISDN CAPI Port" = ISDN CAPI Port
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonLive" = NortonLive
"Notepad++" = Notepad++
"PMDeinstKey" = Production Milling V10.0
"PrintKey2000" = PrintKey2000
"QuickBooks 2002" = QuickBooks 2002
"ST6UNST #1" = BatchPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Videoload Manager" = Videoload Manager 1.0.1095
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 01:58:59 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 24.01.2013 11:43:40 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 25.01.2013 10:19:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x100aa3d0.
 
Error - 26.01.2013 04:16:24 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000a48c7.
 
Error - 26.01.2013 04:21:27 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000a48c7.
 
Error - 08.02.2013 11:12:30 | Computer Name = EWALD-LAPTOP | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 09.02.2013 06:11:58 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000755f0.
 
Error - 10.02.2013 06:14:53 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qbw32.exe, Version 8.0.4.75, fehlgeschlagenes
 Modul comctl32.dll, Version 5.82.2900.6028, Fehleradresse 0x00014784.
 
Error - 10.02.2013 06:15:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qbw32.exe, Version 8.0.4.75, fehlgeschlagenes
 Modul comctl32.dll, Version 5.82.2900.6028, Fehleradresse 0x00014784.
 
Error - 14.02.2013 08:24:29 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = socket(bcst): WSAENOBUFS - No buffer space available
 
[ System Events ]
Error - 15.02.2013 01:56:35 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:38 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:40 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:42 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:56:44 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:01 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:02 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:30 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:35 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 08:03:20 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >
         
--- --- ---
__________________

Alt 15.02.2013, 13:48   #4
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hey,

gut, die Entsperrung hat also schon mal geklappt. Machen wir weiter:


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!


Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
    Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und akzeptiere die Endbenutzer-Lizenz.
    Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
    Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 3

Starte bitte die OTL.exe.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix
  • Log von OTL
__________________
cheers,
Leo

Alt 16.02.2013, 08:58   #5
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Log von AdwCleaner

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 15/02/2013 um 14:05:55 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - EWALD-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
Ordner Gelöscht : C:\Programme\Conduit
Ordner Gelöscht : C:\Programme\SweetIM
Ordner Gelöscht : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687} --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}",
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={4DA92F[...]
Gelöscht [l.313] : homepage = "hxxp://home.sweetim.com/?st=6&barid={4DA92F51-23F0-11E2-818B-000E2EFF5687}",
Gelöscht [l.576] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={4DA92F51-[...]

*************************

AdwCleaner[S1].txt - [374 octets] - [15/02/2013 14:05:36]
AdwCleaner[S2].txt - [12989 octets] - [15/02/2013 14:05:55]

########## EOF - C:\AdwCleaner[S2].txt - [13050 octets] ##########
         
--- --- ---

[/code]


Log von OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.02.2013 08:35:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 655,62 Mb Available Physical Memory | 64,07% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,76% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,68 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.16 08:36:35 | 000,000,000 | ---D | M]
 
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.16 08:37:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.02.15 19:52:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
[2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.15 14:11:49 | 005,032,798 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
[2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.08 17:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.16 08:37:24 | 000,758,971 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013.02.16 08:34:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.16 08:33:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job
[2013.02.16 08:33:28 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini
[2013.02.16 08:33:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.16 08:32:59 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.15 14:14:26 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.15 14:00:06 | 005,032,798 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
[2013.02.15 13:59:06 | 000,587,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe
[2013.02.15 13:08:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
[2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 06:52:24 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe
[2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013.02.08 17:09:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 17:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.08 17:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.15 14:05:07 | 000,587,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe
[2013.02.15 06:52:52 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\s47kmiuh.exe
[2013.02.13 16:49:25 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

[/code]


Extra.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.02.2013 08:35:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 655,62 Mb Available Physical Memory | 64,07% Memory free
2,40 Gb Paging File | 2,16 Gb Available in Paging File | 89,76% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,68 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\InterVideo\DVD5\WinDVD.exe" = C:\Programme\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe" = C:\Programme\CoCreate\OSD_Modeling_12.1.6.4\binNT\SolidDesigner.exe:*:Enabled:OneSpace Designer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B41EC7-1C7E-4B94-AD0B-B51273C4C616}" = GOelan
"{06CA7E0A-0E71-44CD-A32E-8F59704A360B}" = GOelan Solid Importer 2009
"{07E7EFE7-3D94-4D29-B83C-B81137199C1A}" = CoCreate OneSpace 3D Access 2007
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2D026738-9CC6-4D24-A1B4-FFBA9D59C746}" = CoCreate 3D Access 2008 - 16.0.1.65
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{514405D1-B3DE-482F-90EC-29D9272F2424}" = CoCreate OneSpace Designer Modeling 2006
"{53480250-325A-41FE-9F60-1E3DEA1D2BD8}" = O&O CleverCache Professional Edition
"{5402BE47-9E53-463F-BC61-76AF0F91D8BB}" = CoCreate 3D Access 17.0
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4A8570-F6A7-11D4-BAD8-000102A2E03A}" = Lexware Online Banking
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FireGL Control Panel
"{92746D91-8107-4481-A3C4-D36B22B720A4}" = CoCreate OneSpace Designer Drafting 12.01d
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B668CB7B-A9DF-43B6-8876-A373A8E1D438}" = HP Mobile Printing
"{B78DFC4B-B7B5-46A4-9231-D454737B1AC0}" = CoCreate OneSpace Designer Modeling 2005
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E462A9AD-3376-4362-92CA-832E0F58C6CC}" = CoCreate License Server 14.0.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2545484-7B1C-484A-89B8-B0F8B38BC67F}" = O2Micro SmartCardBus Reader Windows Driver Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{FAE396F4-6684-4BAF-80B2-9B669C39540B}" = CoCreate OneSpace Designer Drafting 2006
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.13" = AFPL Ghostscript 8.13
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Creative Jukebox Driver" = Creative Jukebox Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOelan" = GOelan V5
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 5.5.2 Q:16_is1" = ImageMagick 5.5.2 Q:16 Beta (November 10, 2002)
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InterActual Player" = InterActual Player
"ISDN CAPI Port" = ISDN CAPI Port
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonLive" = NortonLive
"Notepad++" = Notepad++
"PMDeinstKey" = Production Milling V10.0
"PrintKey2000" = PrintKey2000
"QuickBooks 2002" = QuickBooks 2002
"ST6UNST #1" = BatchPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Videoload Manager" = Videoload Manager 1.0.1095
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 01:58:59 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 24.01.2013 11:43:40 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = No device (LAN:0-LAN:255, COM1-COM255) found which match the given
 Lan id 0x0011858661a6
 
Error - 25.01.2013 10:19:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x100aa3d0.
 
Error - 26.01.2013 04:16:24 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000a48c7.
 
Error - 26.01.2013 04:21:27 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000a48c7.
 
Error - 08.02.2013 11:12:30 | Computer Name = EWALD-LAPTOP | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 09.02.2013 06:11:58 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung goelan.exe, Version 5.12.207.0, fehlgeschlagenes
 Modul atioglgl.dll, Version 6.14.10.4063, Fehleradresse 0x000755f0.
 
Error - 10.02.2013 06:14:53 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qbw32.exe, Version 8.0.4.75, fehlgeschlagenes
 Modul comctl32.dll, Version 5.82.2900.6028, Fehleradresse 0x00014784.
 
Error - 10.02.2013 06:15:16 | Computer Name = EWALD-LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qbw32.exe, Version 8.0.4.75, fehlgeschlagenes
 Modul comctl32.dll, Version 5.82.2900.6028, Fehleradresse 0x00014784.
 
Error - 14.02.2013 08:24:29 | Computer Name = EWALD-LAPTOP | Source = MEls | ID = 0
Description = socket(bcst): WSAENOBUFS - No buffer space available
 
[ System Events ]
Error - 15.02.2013 01:57:01 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:02 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:30 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 01:57:35 | Computer Name = EWALD-LAPTOP | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 15.02.2013 08:03:20 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 09:04:19 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 09:09:38 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 14:46:33 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 15.02.2013 16:26:41 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 16.02.2013 03:34:28 | Computer Name = EWALD-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >
         
--- --- ---

[/code]


Beim Combofix habe ich die Wiederherstellungskonsole installiert, jedoch ist er danach
stundenlang gelaufen. Und nichts weiteres ist passiert.
Es wurde auch keine Combofix.txt ausgegeben.

Gibt es eine Alternative zu Combofix ?


Alt 16.02.2013, 12:03   #6
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Versuch es bitte noch einmal: Die ComboFix.exe löschen und eine neue herunterladen. Dann nochmals gemäss der Anleitung ausführen. Vorher unbedingt das Antivirenprogramm komplett ausschalten und während des Scans gar nichts am Rechner machen.
Klappt's dieses Mal?
__________________
--> BKA Trojaner/Virus GVU Version 2.11

Alt 16.02.2013, 16:18   #7
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Klappt so leider immer noch nicht.
Ich hab ComboFix nochmal 4 Stunden laufen lassen.

Alt 16.02.2013, 16:20   #8
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Noch ein letzter Versuch: Lass Combofix nochmals im abgesicherten Modus laufen.
(Du musste nicht mehr 4 Stunden warten. Wenn nach einer halben Stunde gar nichts mehr passiert, kannst du abbrechen.)
__________________
cheers,
Leo

Alt 16.02.2013, 17:06   #9
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



funktioniert so leider auch nicht

Alt 16.02.2013, 17:15   #10
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Ok, dann machen wir es anders:


Schritt 1

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
  • Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.
Falls Funde angezeigt werden:
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
  • Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.
Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.



Schritt 2

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts löschen, sondern nur einen Scan-Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop.
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan.
  • Warnung: Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
  • TDSSKiller wird ein Logfile auf deinem Systemlaufwerk speichern (C:\TDSSKiller.<version_date_time>log.txt).
  • Poste bitte den Inhalt dieses Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAR
  • Log von TDSSKiller
__________________
cheers,
Leo

Alt 17.02.2013, 11:14   #11
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Erster Log von MBAR
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EWALD-LAPTOP [administrator]

16.02.2013 18:40:30
mbar-log-2013-02-16 (18-40-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26225
Time elapsed: 58 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Dokumente und Einstellungen\Administrator\Favoriten\Online Pharmacy.url (Rogue.Link) -> Delete on reboot.
c:\DelUS.bat (Malware.Trace) -> Delete on reboot.

(end)
         

Zweiter Log MBAR:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EWALD-LAPTOP [administrator]

16.02.2013 19:43:00
mbar-log-2013-02-16 (19-43-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26203
Time elapsed: 1 hour(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Log von TDSSKiller:

Code:
ATTFilter
11:07:31.0559 4052  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:07:32.0350 4052  ============================================================
11:07:32.0350 4052  Current date / time: 2013/02/17 11:07:32.0350
11:07:32.0350 4052  SystemInfo:
11:07:32.0350 4052  
11:07:32.0350 4052  OS Version: 5.1.2600 ServicePack: 3.0
11:07:32.0350 4052  Product type: Workstation
11:07:32.0350 4052  ComputerName: EWALD-LAPTOP
11:07:32.0350 4052  UserName: Administrator
11:07:32.0350 4052  Windows directory: C:\WINDOWS
11:07:32.0350 4052  System windows directory: C:\WINDOWS
11:07:32.0350 4052  Processor architecture: Intel x86
11:07:32.0350 4052  Number of processors: 1
11:07:32.0350 4052  Page size: 0x1000
11:07:32.0350 4052  Boot type: Normal boot
11:07:32.0350 4052  ============================================================
11:07:38.0139 4052  Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:07:38.0149 4052  Drive \Device\Harddisk1\DR2 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:07:38.0149 4052  ============================================================
11:07:38.0149 4052  \Device\Harddisk0\DR0:
11:07:38.0149 4052  MBR partitions:
11:07:38.0149 4052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
11:07:38.0149 4052  \Device\Harddisk1\DR2:
11:07:38.0149 4052  MBR partitions:
11:07:38.0149 4052  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080
11:07:38.0149 4052  ============================================================
11:07:38.0219 4052  C: <-> \Device\Harddisk0\DR0\Partition1
11:07:38.0219 4052  ============================================================
11:07:38.0219 4052  Initialize success
11:07:38.0219 4052  ============================================================
11:07:44.0157 1460  ============================================================
11:07:44.0157 1460  Scan started
11:07:44.0157 1460  Mode: Manual; 
11:07:44.0157 1460  ============================================================
11:07:54.0392 1460  ================ Scan system memory ========================
11:07:54.0402 1460  System memory - ok
11:07:54.0402 1460  ================ Scan services =============================
11:07:57.0366 1460  Abiosdsk - ok
11:07:57.0376 1460  abp480n5 - ok
11:07:58.0328 1460  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:07:58.0398 1460  ACPI - ok
11:07:58.0458 1460  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:07:58.0468 1460  ACPIEC - ok
11:07:59.0720 1460  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:08:00.0000 1460  AdobeFlashPlayerUpdateSvc - ok
11:08:00.0010 1460  adpu160m - ok
11:08:00.0360 1460  [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
11:08:00.0701 1460  aeaudio - ok
11:08:00.0971 1460  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:08:01.0031 1460  aec - ok
11:08:01.0662 1460  [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:08:01.0682 1460  AegisP - ok
11:08:02.0173 1460  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:08:02.0223 1460  AFD - ok
11:08:02.0994 1460  [ 3E60F847C0C57EEDB7C0639710512CCC ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:08:03.0595 1460  AgereSoftModem - ok
11:08:03.0715 1460  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
11:08:03.0866 1460  agp440 - ok
11:08:03.0876 1460  Aha154x - ok
11:08:03.0886 1460  aic78u2 - ok
11:08:03.0896 1460  aic78xx - ok
11:08:04.0036 1460  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:08:04.0066 1460  Alerter - ok
11:08:04.0176 1460  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
11:08:04.0196 1460  ALG - ok
11:08:04.0206 1460  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
11:08:04.0206 1460  AliIde - ok
11:08:04.0216 1460  amsint - ok
11:08:04.0677 1460  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:08:04.0747 1460  AppMgmt - ok
11:08:04.0997 1460  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:08:05.0328 1460  Arp1394 - ok
11:08:05.0338 1460  asc - ok
11:08:05.0348 1460  asc3350p - ok
11:08:05.0358 1460  asc3550 - ok
11:08:05.0708 1460  [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32          C:\WINDOWS\system32\drivers\Aspi32.sys
11:08:05.0818 1460  Aspi32 - ok
11:08:07.0270 1460  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:08:07.0631 1460  aspnet_state - ok
11:08:07.0711 1460  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:08:07.0751 1460  AsyncMac - ok
11:08:08.0302 1460  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:08:08.0312 1460  atapi - ok
11:08:08.0322 1460  Atdisk - ok
11:08:10.0415 1460  [ 74861E44690029BF25A99CF1AADCD8F4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:08:10.0545 1460  Ati HotKey Poller - ok
11:08:11.0216 1460  [ 75410DDA533D6B0DF3689341079FF215 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:08:11.0456 1460  ati2mtag - ok
11:08:11.0717 1460  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:08:11.0957 1460  Atmarpc - ok
11:08:12.0388 1460  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:08:12.0408 1460  AudioSrv - ok
11:08:12.0929 1460  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:08:13.0119 1460  audstub - ok
11:08:13.0489 1460  Automatisches LiveUpdate - Scheduler - ok
11:08:14.0361 1460  [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Programme\avmwlanstick\WlanNetService.exe
11:08:14.0481 1460  AVM WLAN Connection Service - ok
11:08:15.0192 1460  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\WINDOWS\system32\drivers\avmeject.sys
11:08:15.0262 1460  avmeject - ok
11:08:15.0562 1460  [ 86BB2C24C716761CC4D143EEE35C2356 ] AVMPORT         C:\WINDOWS\System32\drivers\avmport.sys
11:08:15.0723 1460  AVMPORT - ok
11:08:16.0253 1460  [ EB0EF89CCD0191AEC96CD6093FB9770F ] AVMWAN          C:\WINDOWS\system32\DRIVERS\avmwan.sys
11:08:16.0353 1460  AVMWAN - ok
11:08:16.0634 1460  [ 0E72B88B05A5931C46EFA7D511D9AEB9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:08:16.0974 1460  b57w2k - ok
11:08:17.0575 1460  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:08:17.0665 1460  Beep - ok
11:08:22.0042 1460  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys
11:08:23.0183 1460  BHDrvx86 - ok
11:08:23.0754 1460  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:08:24.0315 1460  BITS - ok
11:08:24.0365 1460  [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge          C:\WINDOWS\system32\DRIVERS\bridge.sys
11:08:24.0756 1460  Bridge - ok
11:08:25.0967 1460  [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP        C:\WINDOWS\system32\DRIVERS\bridge.sys
11:08:25.0967 1460  BridgeMP - ok
11:08:26.0368 1460  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
11:08:26.0398 1460  Browser - ok
11:08:26.0648 1460  [ 2D0FC1415956E84CBB06B2542F3BDA41 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
11:08:26.0748 1460  BTWUSB - ok
11:08:27.0920 1460  catchme - ok
11:08:28.0040 1460  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:08:28.0291 1460  cbidf2k - ok
11:08:29.0272 1460  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360      C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys
11:08:29.0322 1460  ccSet_N360 - ok
11:08:29.0332 1460  cd20xrnt - ok
11:08:29.0372 1460  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:08:29.0402 1460  Cdaudio - ok
11:08:29.0703 1460  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:08:29.0813 1460  Cdfs - ok
11:08:30.0374 1460  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:08:30.0434 1460  Cdrom - ok
11:08:30.0444 1460  Changer - ok
11:08:30.0694 1460  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:08:30.0704 1460  CiSvc - ok
11:08:30.0774 1460  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:08:31.0325 1460  ClipSrv - ok
11:08:31.0435 1460  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:08:31.0445 1460  clr_optimization_v2.0.50727_32 - ok
11:08:31.0515 1460  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:08:31.0515 1460  CmBatt - ok
11:08:31.0525 1460  CmdIde - ok
11:08:31.0615 1460  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:08:31.0615 1460  Compbatt - ok
11:08:31.0625 1460  COMSysApp - ok
11:08:32.0056 1460  [ 32B0AC2449D9EF70B719BFAF631F998A ] CONAN           C:\WINDOWS\system32\drivers\o2mmb.sys
11:08:32.0176 1460  CONAN - ok
11:08:32.0457 1460  Cpqarray - ok
11:08:32.0557 1460  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
11:08:32.0567 1460  Creative Service for CDROM Access - ok
11:08:32.0647 1460  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:08:32.0687 1460  CryptSvc - ok
11:08:32.0697 1460  dac2w2k - ok
11:08:32.0717 1460  dac960nt - ok
11:08:33.0308 1460  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:08:33.0498 1460  DcomLaunch - ok
11:08:33.0638 1460  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:08:33.0698 1460  Dhcp - ok
11:08:33.0748 1460  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:08:33.0759 1460  Disk - ok
11:08:33.0769 1460  dmadmin - ok
11:08:34.0470 1460  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:08:34.0790 1460  dmboot - ok
11:08:34.0860 1460  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:08:34.0930 1460  dmio - ok
11:08:34.0980 1460  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:08:34.0980 1460  dmload - ok
11:08:35.0050 1460  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:08:35.0080 1460  dmserver - ok
11:08:35.0120 1460  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:08:35.0291 1460  DMusic - ok
11:08:35.0591 1460  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:08:35.0611 1460  Dnscache - ok
11:08:35.0811 1460  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:08:35.0862 1460  Dot3svc - ok
11:08:35.0872 1460  dpti2o - ok
11:08:35.0912 1460  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:08:35.0922 1460  drmkaud - ok
11:08:35.0982 1460  [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
11:08:35.0982 1460  eabfiltr - ok
11:08:36.0022 1460  [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
11:08:36.0032 1460  eabusb - ok
11:08:36.0092 1460  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:08:36.0122 1460  EapHost - ok
11:08:37.0133 1460  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
11:08:37.0274 1460  eeCtrl - ok
11:08:37.0374 1460  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:08:37.0474 1460  EraserUtilRebootDrv - ok
11:08:37.0544 1460  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:08:37.0714 1460  ERSvc - ok
11:08:37.0824 1460  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
11:08:37.0935 1460  Eventlog - ok
11:08:38.0185 1460  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
11:08:38.0275 1460  EventSystem - ok
11:08:38.0525 1460  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:08:38.0575 1460  Fastfat - ok
11:08:38.0966 1460  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:08:39.0066 1460  FastUserSwitchingCompatibility - ok
11:08:39.0096 1460  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:08:39.0146 1460  Fdc - ok
11:08:39.0266 1460  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:08:39.0286 1460  Fips - ok
11:08:39.0407 1460  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:08:39.0407 1460  Flpydisk - ok
11:08:39.0507 1460  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:08:39.0557 1460  FltMgr - ok
11:08:40.0348 1460  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:08:40.0408 1460  FontCache3.0.0.0 - ok
11:08:40.0508 1460  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:08:40.0508 1460  Fs_Rec - ok
11:08:40.0598 1460  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:08:40.0658 1460  Ftdisk - ok
11:08:40.0859 1460  [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
11:08:41.0219 1460  FWLANUSB - ok
11:08:41.0650 1460  [ AAC92FF0D958CF90156C74A9FE3E5E20 ] fxusbase        C:\WINDOWS\system32\DRIVERS\fxusbase.sys
11:08:42.0822 1460  fxusbase - ok
11:08:43.0262 1460  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:08:43.0282 1460  Gpc - ok
11:08:43.0533 1460  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98bae82261480 C:\Programme\Google\Update\GoogleUpdate.exe
11:08:43.0583 1460  gupdate1c98bae82261480 - ok
11:08:43.0643 1460  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
11:08:43.0643 1460  gupdatem - ok
11:08:44.0073 1460  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:08:44.0163 1460  gusvc - ok
11:08:44.0464 1460  [ D64A40B94602158E40527AE95E7A9193 ] Hardlock        C:\WINDOWS\system32\drivers\hardlock.sys
11:08:45.0165 1460  Hardlock - ok
11:08:45.0275 1460  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:08:45.0295 1460  helpsvc - ok
11:08:45.0345 1460  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:08:45.0355 1460  HidServ - ok
11:08:45.0415 1460  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:08:45.0415 1460  HidUsb - ok
11:08:45.0485 1460  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:08:45.0505 1460  hkmsvc - ok
11:08:45.0796 1460  hpn - ok
11:08:46.0497 1460  [ E7E0CF2E13994DAB2CE10DFEF25BF610 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
11:08:46.0567 1460  hpqwmi - ok
11:08:46.0747 1460  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:08:46.0877 1460  HTTP - ok
11:08:46.0957 1460  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:08:46.0968 1460  HTTPFilter - ok
11:08:46.0978 1460  i2omgmt - ok
11:08:46.0988 1460  i2omp - ok
11:08:47.0018 1460  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:08:47.0278 1460  i8042prt - ok
11:08:47.0749 1460  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:08:48.0319 1460  idsvc - ok
11:08:49.0040 1460  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSxpx86.sys
11:08:49.0191 1460  IDSxpx86 - ok
11:08:49.0241 1460  [ D542B05BAB582295AFBD92B1965BE68A ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
11:08:49.0261 1460  IFXTPM - ok
11:08:49.0281 1460  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:08:49.0301 1460  Imapi - ok
11:08:49.0591 1460  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:08:49.0641 1460  ImapiService - ok
11:08:49.0671 1460  ini910u - ok
11:08:49.0701 1460  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:08:49.0711 1460  IntelIde - ok
11:08:49.0772 1460  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:08:49.0812 1460  intelppm - ok
11:08:50.0022 1460  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:08:50.0282 1460  Ip6Fw - ok
11:08:50.0382 1460  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:08:50.0402 1460  IpFilterDriver - ok
11:08:50.0483 1460  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:08:50.0493 1460  IpInIp - ok
11:08:50.0573 1460  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:08:50.0623 1460  IpNat - ok
11:08:50.0673 1460  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:08:50.0813 1460  IPSec - ok
11:08:51.0133 1460  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
11:08:51.0184 1460  irda - ok
11:08:51.0214 1460  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:08:51.0224 1460  IRENUM - ok
11:08:51.0294 1460  [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon           C:\WINDOWS\System32\irmon.dll
11:08:51.0304 1460  Irmon - ok
11:08:51.0344 1460  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:08:51.0354 1460  isapnp - ok
11:08:51.0824 1460  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
11:08:51.0845 1460  Iviaspi - ok
11:08:52.0095 1460  [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
11:08:52.0145 1460  JavaQuickStarterService - ok
11:08:52.0225 1460  [ C4D1E49A7D853A6FDFE8EC2906AE5AAA ] Jukebox3        C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
11:08:52.0235 1460  Jukebox3 - ok
11:08:52.0255 1460  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:08:52.0265 1460  Kbdclass - ok
11:08:52.0355 1460  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:08:52.0576 1460  kmixer - ok
11:08:52.0666 1460  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:08:52.0706 1460  KSecDD - ok
11:08:53.0216 1460  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:08:53.0257 1460  lanmanserver - ok
11:08:53.0397 1460  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:08:53.0447 1460  lanmanworkstation - ok
11:08:53.0457 1460  lbrtfdc - ok
11:08:53.0527 1460  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:08:53.0547 1460  LmHosts - ok
11:08:53.0597 1460  [ 4C32B247524F91DB486D21DCB84D9C23 ] MbxStby         C:\WINDOWS\system32\drivers\MbxStby.sys
11:08:53.0607 1460  MbxStby - ok
11:08:57.0062 1460  [ F5EC78762896F18285BF2E900B024775 ] MEls            C:\Programme\CoCreate\MEls\MEls32.exe
11:09:01.0398 1460  MEls - ok
11:09:01.0629 1460  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:09:01.0639 1460  Messenger - ok
11:09:01.0739 1460  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:09:03.0201 1460  mnmdd - ok
11:09:03.0541 1460  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:09:03.0551 1460  mnmsrvc - ok
11:09:03.0812 1460  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:09:04.0212 1460  Modem - ok
11:09:04.0252 1460  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:09:04.0262 1460  Mouclass - ok
11:09:04.0503 1460  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:09:04.0503 1460  mouhid - ok
11:09:04.0553 1460  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:09:04.0693 1460  MountMgr - ok
11:09:04.0703 1460  mraid35x - ok
11:09:04.0783 1460  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:09:04.0913 1460  MRxDAV - ok
11:09:05.0454 1460  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:09:05.0704 1460  MRxSmb - ok
11:09:06.0045 1460  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:09:06.0405 1460  MSDTC - ok
11:09:06.0436 1460  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:09:06.0446 1460  Msfs - ok
11:09:06.0456 1460  MSIServer - ok
11:09:06.0486 1460  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:09:06.0626 1460  MSKSSRV - ok
11:09:06.0736 1460  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:09:06.0816 1460  MSPCLOCK - ok
11:09:07.0126 1460  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:09:07.0147 1460  MSPQM - ok
11:09:07.0177 1460  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:09:07.0307 1460  mssmbios - ok
11:09:07.0547 1460  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:09:07.0587 1460  Mup - ok
11:09:08.0238 1460  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
11:09:08.0288 1460  N360 - ok
11:09:08.0669 1460  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:09:08.0799 1460  napagent - ok
11:09:09.0480 1460  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS
11:09:09.0600 1460  NAVENG - ok
11:09:10.0752 1460  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS
11:09:11.0503 1460  NAVEX15 - ok
11:09:11.0723 1460  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:09:11.0803 1460  NDIS - ok
11:09:11.0953 1460  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:09:12.0164 1460  NdisTapi - ok
11:09:12.0304 1460  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:09:12.0454 1460  Ndisuio - ok
11:09:12.0624 1460  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:09:12.0654 1460  NdisWan - ok
11:09:12.0735 1460  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:09:12.0845 1460  NDProxy - ok
11:09:13.0245 1460  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:09:13.0385 1460  NetBIOS - ok
11:09:13.0716 1460  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:09:13.0816 1460  NetBT - ok
11:09:14.0257 1460  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:09:14.0687 1460  NetDDE - ok
11:09:14.0737 1460  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:09:14.0747 1460  NetDDEdsdm - ok
11:09:14.0788 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:09:15.0208 1460  Netlogon - ok
11:09:15.0559 1460  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
11:09:15.0629 1460  Netman - ok
11:09:16.0380 1460  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:09:16.0430 1460  NetTcpPortSharing - ok
11:09:16.0490 1460  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:09:16.0600 1460  NIC1394 - ok
11:09:16.0830 1460  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:09:17.0271 1460  Nla - ok
11:09:17.0311 1460  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:09:17.0371 1460  Npfs - ok
11:09:17.0602 1460  [ 53F7546E8DAEFB3A0813F5E19C4613C9 ] NSNDIS5         C:\WINDOWS\system32\NSNDIS5.SYS
11:09:17.0722 1460  NSNDIS5 - ok
11:09:18.0252 1460  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:09:18.0463 1460  Ntfs - ok
11:09:18.0843 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:09:18.0863 1460  NtLmSsp - ok
11:09:19.0284 1460  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:09:19.0444 1460  NtmsSvc - ok
11:09:19.0604 1460  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:09:19.0614 1460  Null - ok
11:09:19.0725 1460  [ C34A6A72DEC2C317D67355DC18F87090 ] NWCWorkstation  C:\WINDOWS\System32\nwwks.dll
11:09:19.0775 1460  NWCWorkstation - ok
11:09:19.0805 1460  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:09:19.0805 1460  NwlnkFlt - ok
11:09:19.0845 1460  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:09:19.0885 1460  NwlnkFwd - ok
11:09:20.0406 1460  [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
11:09:20.0436 1460  NwlnkIpx - ok
11:09:20.0476 1460  [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
11:09:20.0506 1460  NwlnkNb - ok
11:09:20.0556 1460  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
11:09:20.0576 1460  NwlnkSpx - ok
11:09:20.0666 1460  [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR           C:\WINDOWS\system32\DRIVERS\nwrdr.sys
11:09:20.0726 1460  NWRDR - ok
11:09:20.0766 1460  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:09:20.0786 1460  ohci1394 - ok
11:09:21.0147 1460  [ A7AFD93CC20A4064A81F82D87C9026A7 ] OOCleverCache   C:\Programme\OO Software\CleverCache\OOCCSVC.exe
11:09:21.0227 1460  OOCleverCache - ok
11:09:21.0397 1460  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:09:22.0058 1460  ose - ok
11:09:22.0148 1460  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:09:22.0208 1460  Parport - ok
11:09:22.0228 1460  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:09:22.0228 1460  PartMgr - ok
11:09:22.0308 1460  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:09:22.0318 1460  ParVdm - ok
11:09:22.0358 1460  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:09:22.0378 1460  PCI - ok
11:09:22.0388 1460  PCIDump - ok
11:09:22.0489 1460  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:09:22.0489 1460  PCIIde - ok
11:09:22.0569 1460  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:09:22.0629 1460  Pcmcia - ok
11:09:22.0639 1460  PDCOMP - ok
11:09:22.0649 1460  PDFRAME - ok
11:09:22.0669 1460  PDRELI - ok
11:09:22.0679 1460  PDRFRAME - ok
11:09:22.0689 1460  perc2 - ok
11:09:22.0699 1460  perc2hib - ok
11:09:23.0660 1460  [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart  C:\ComboFix\pev.3XE
11:09:23.0760 1460  PEVSystemStart - ok
11:09:23.0790 1460  [ 444F122E68DB44C0589227781F3C8B3F ] Pfc             C:\WINDOWS\system32\drivers\pfc.sys
11:09:23.0800 1460  Pfc - ok
11:09:24.0331 1460  [ 0ABC514F6606324CE15484D079027798 ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys
11:09:24.0351 1460  PfModNT - ok
11:09:24.0411 1460  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
11:09:24.0421 1460  PlugPlay - ok
11:09:24.0812 1460  [ B597C2C966B447E011B4AE1B4D053677 ] PMBDeviceInfoProvider C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
11:09:25.0152 1460  PMBDeviceInfoProvider - ok
11:09:25.0253 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:09:25.0493 1460  PolicyAgent - ok
11:09:25.0593 1460  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:09:25.0673 1460  PptpMiniport - ok
11:09:25.0683 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:09:25.0683 1460  ProtectedStorage - ok
11:09:25.0733 1460  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:09:25.0773 1460  PSched - ok
11:09:25.0813 1460  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:09:25.0823 1460  Ptilink - ok
11:09:25.0833 1460  ql1080 - ok
11:09:25.0843 1460  Ql10wnt - ok
11:09:25.0853 1460  ql12160 - ok
11:09:26.0004 1460  ql1240 - ok
11:09:26.0014 1460  ql1280 - ok
11:09:26.0054 1460  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:09:26.0064 1460  RasAcd - ok
11:09:26.0444 1460  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:09:26.0474 1460  RasAuto - ok
11:09:26.0504 1460  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:09:26.0514 1460  Rasirda - ok
11:09:26.0544 1460  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:09:26.0574 1460  Rasl2tp - ok
11:09:26.0765 1460  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:09:26.0835 1460  RasMan - ok
11:09:26.0885 1460  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:09:26.0895 1460  RasPppoe - ok
11:09:26.0925 1460  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:09:27.0075 1460  Raspti - ok
11:09:27.0255 1460  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:09:27.0316 1460  Rdbss - ok
11:09:27.0336 1460  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:09:27.0336 1460  RDPCDD - ok
11:09:27.0466 1460  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:09:27.0586 1460  rdpdr - ok
11:09:27.0726 1460  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:09:27.0796 1460  RDPWD - ok
11:09:28.0397 1460  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:09:28.0457 1460  RDSessMgr - ok
11:09:28.0507 1460  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:09:28.0547 1460  redbook - ok
11:09:28.0597 1460  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:09:28.0617 1460  RemoteAccess - ok
11:09:28.0698 1460  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:09:28.0728 1460  RemoteRegistry - ok
11:09:28.0828 1460  [ 05BE5E68F6F733D3B913B53BC6B52B13 ] RiotDrv         C:\WINDOWS\system32\Drivers\RiotDrv.sys
11:09:28.0868 1460  RiotDrv - ok
11:09:29.0198 1460  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:09:29.0228 1460  RpcLocator - ok
11:09:29.0709 1460  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:09:29.0709 1460  RpcSs - ok
11:09:29.0899 1460  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:09:29.0969 1460  RSVP - ok
11:09:30.0360 1460  [ ABDC839BD1C53F9C17449B10221CB942 ] RT73            C:\WINDOWS\system32\DRIVERS\rt73.sys
11:09:30.0480 1460  RT73 - ok
11:09:30.0580 1460  [ 594FF5620661D1386475406E78CB6F2F ] s0017bus        C:\WINDOWS\system32\DRIVERS\s0017bus.sys
11:09:30.0620 1460  s0017bus - ok
11:09:30.0750 1460  [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl       C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
11:09:31.0051 1460  s0017mdfl - ok
11:09:31.0311 1460  [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm        C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
11:09:31.0351 1460  s0017mdm - ok
11:09:31.0461 1460  [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt       C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
11:09:31.0502 1460  s0017mgmt - ok
11:09:31.0592 1460  [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5        C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
11:09:31.0602 1460  s0017nd5 - ok
11:09:31.0742 1460  [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex       C:\WINDOWS\system32\DRIVERS\s0017obex.sys
11:09:31.0812 1460  s0017obex - ok
11:09:31.0872 1460  [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic       C:\WINDOWS\system32\DRIVERS\s0017unic.sys
11:09:32.0092 1460  s0017unic - ok
11:09:32.0433 1460  [ AA786AD3A2684D39630744787B00E6F4 ] s3017bus        C:\WINDOWS\system32\DRIVERS\s3017bus.sys
11:09:32.0623 1460  s3017bus - ok
11:09:32.0703 1460  [ CBA4CA5BCE44084E98CE420FD6692D3A ] s3017mdfl       C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys
11:09:32.0733 1460  s3017mdfl - ok
11:09:32.0843 1460  [ 68036EFF647970D6C0399789C8707CAD ] s3017mdm        C:\WINDOWS\system32\DRIVERS\s3017mdm.sys
11:09:32.0914 1460  s3017mdm - ok
11:09:32.0994 1460  [ 3672E7F9349BD98FD3F5AC33E7B2B1A6 ] s3017mgmt       C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys
11:09:33.0034 1460  s3017mgmt - ok
11:09:33.0074 1460  [ B1133B37EB184AEF81D56B4302DBAE9C ] s3017nd5        C:\WINDOWS\system32\DRIVERS\s3017nd5.sys
11:09:33.0094 1460  s3017nd5 - ok
11:09:33.0154 1460  [ D81B1D504AA1426622E7EC09F25130A9 ] s3017obex       C:\WINDOWS\system32\DRIVERS\s3017obex.sys
11:09:33.0595 1460  s3017obex - ok
11:09:33.0665 1460  [ 7B95C53EA8BB585013767EEF2875C0A0 ] s3017unic       C:\WINDOWS\system32\DRIVERS\s3017unic.sys
11:09:33.0705 1460  s3017unic - ok
11:09:33.0845 1460  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:09:33.0845 1460  SamSs - ok
11:09:33.0875 1460  SANDRA - ok
11:09:34.0396 1460  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:09:34.0446 1460  SCardSvr - ok
11:09:34.0576 1460  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:09:34.0646 1460  Schedule - ok
11:09:34.0746 1460  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:09:34.0806 1460  Secdrv - ok
11:09:34.0836 1460  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:09:34.0886 1460  seclogon - ok
11:09:35.0297 1460  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\WINDOWS\system32\DRIVERS\seehcri.sys
11:09:35.0317 1460  seehcri - ok
11:09:35.0527 1460  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
11:09:35.0557 1460  SENS - ok
11:09:35.0668 1460  [ 95A26D5D8CEDA33377AF627DAFC2796F ] Sentinel        C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:09:35.0738 1460  Sentinel - ok
11:09:36.0068 1460  [ 731D9B3DE4BC0A3E0830B9BF9DBCE2A5 ] SentinelKeysServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
11:09:36.0178 1460  SentinelKeysServer - ok
11:09:36.0278 1460  [ 925E88D7C5A51E25769D9CEB4F7F2E85 ] SentinelProtectionServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
11:09:36.0359 1460  SentinelProtectionServer - ok
11:09:36.0859 1460  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:09:36.0869 1460  serenum - ok
11:09:36.0909 1460  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:09:36.0949 1460  Serial - ok
11:09:36.0999 1460  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:09:37.0019 1460  Sfloppy - ok
11:09:37.0210 1460  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:09:37.0350 1460  SharedAccess - ok
11:09:37.0550 1460  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:09:37.0550 1460  ShellHWDetection - ok
11:09:37.0560 1460  Simbad - ok
11:09:37.0570 1460  SipIMNDI - ok
11:09:37.0640 1460  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:09:37.0650 1460  SMCIRDA - ok
11:09:38.0331 1460  [ F5A256E9755FD361D277FE1F5D02DD7A ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
11:09:38.0702 1460  smwdm - ok
11:09:38.0852 1460  [ 8D4A96868AE13C3CF8425B383B59D802 ] SNTNLUSB        C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
11:09:39.0052 1460  SNTNLUSB - ok
11:09:39.0964 1460  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Programme\Sony\Sony PC Companion\PCCService.exe
11:09:40.0034 1460  Sony PC Companion - ok
11:09:40.0745 1460  [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
11:09:40.0765 1460  SoundMAX Agent Service (default) - ok
11:09:40.0775 1460  Sparrow - ok
11:09:40.0815 1460  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:09:40.0835 1460  splitter - ok
11:09:40.0955 1460  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:09:40.0975 1460  Spooler - ok
11:09:41.0035 1460  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:09:41.0055 1460  sr - ok
11:09:41.0205 1460  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:09:41.0316 1460  srservice - ok
11:09:42.0467 1460  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS
11:09:42.0898 1460  SRTSP - ok
11:09:42.0958 1460  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS
11:09:42.0988 1460  SRTSPX - ok
11:09:43.0168 1460  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:09:43.0339 1460  Srv - ok
11:09:43.0419 1460  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:09:43.0459 1460  SSDPSRV - ok
11:09:43.0929 1460  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:09:44.0050 1460  stisvc - ok
11:09:44.0210 1460  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:09:44.0330 1460  swenum - ok
11:09:44.0480 1460  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:09:44.0500 1460  swmidi - ok
11:09:44.0560 1460  SwPrv - ok
11:09:44.0570 1460  symc810 - ok
11:09:44.0580 1460  symc8xx - ok
11:09:45.0091 1460  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\WINDOWS\system32\drivers\N360\0604010.00E\SYMDS.SYS
11:09:45.0241 1460  SymDS - ok
11:09:45.0622 1460  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\WINDOWS\system32\drivers\N360\0604010.00E\SYMEFA.SYS
11:09:46.0413 1460  SymEFA - ok
11:09:46.0543 1460  [ 74E2521E96176A4449570E50BE91954D ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:09:46.0593 1460  SymEvent - ok
11:09:46.0603 1460  SYMFW - ok
11:09:46.0623 1460  SYMIDS - ok
11:09:46.0703 1460  [ A7100EA17ED9EAF365362A05BF430E77 ] SymIM           C:\WINDOWS\system32\DRIVERS\SymIM.sys
11:09:46.0884 1460  SymIM - ok
11:09:46.0994 1460  [ A7100EA17ED9EAF365362A05BF430E77 ] SymIMMP         C:\WINDOWS\system32\DRIVERS\SymIM.sys
11:09:46.0994 1460  SymIMMP - ok
11:09:47.0124 1460  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\WINDOWS\system32\drivers\N360\0604010.00E\Ironx86.SYS
11:09:47.0204 1460  SymIRON - ok
11:09:47.0535 1460  SYMNDIS - ok
11:09:47.0765 1460  [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\0604010.00E\SYMTDI.SYS
11:09:48.0095 1460  SYMTDI - ok
11:09:48.0105 1460  sym_hi - ok
11:09:48.0115 1460  sym_u3 - ok
11:09:48.0366 1460  [ 0C1762FEF34B265498EF2F3BEF7F1D64 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:09:48.0476 1460  SynTP - ok
11:09:48.0947 1460  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:09:48.0977 1460  sysaudio - ok
11:09:49.0087 1460  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:09:49.0147 1460  SysmonLog - ok
11:09:49.0277 1460  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:09:49.0367 1460  TapiSrv - ok
11:09:49.0968 1460  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:09:50.0098 1460  Tcpip - ok
11:09:50.0138 1460  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:09:50.0208 1460  TDPIPE - ok
11:09:50.0689 1460  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:09:50.0789 1460  TDTCP - ok
11:09:50.0819 1460  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:09:50.0839 1460  TermDD - ok
11:09:51.0530 1460  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:09:51.0831 1460  TermService - ok
11:09:52.0251 1460  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:09:52.0251 1460  Themes - ok
11:09:52.0382 1460  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:09:52.0422 1460  TlntSvr - ok
11:09:52.0902 1460  [ 747E60B773E95F6C93D5621B550D6865 ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
11:09:53.0493 1460  TomTomHOMEService - ok
11:09:53.0503 1460  TosIde - ok
11:09:53.0914 1460  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:09:54.0475 1460  TrkWks - ok
11:09:54.0785 1460  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:09:54.0815 1460  Udfs - ok
11:09:54.0825 1460  ultra - ok
11:09:55.0837 1460  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:09:56.0497 1460  Update - ok
11:09:56.0738 1460  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:09:56.0808 1460  upnphost - ok
11:09:56.0838 1460  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
11:09:56.0908 1460  UPS - ok
11:09:57.0779 1460  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:09:57.0789 1460  usbccgp - ok
11:09:57.0990 1460  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:09:58.0240 1460  usbehci - ok
11:09:58.0480 1460  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:09:58.0651 1460  usbhub - ok
11:09:58.0701 1460  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:09:58.0721 1460  usbprint - ok
11:09:58.0741 1460  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:09:58.0781 1460  usbscan - ok
11:09:58.0821 1460  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:09:58.0871 1460  USBSTOR - ok
11:09:58.0911 1460  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:09:58.0951 1460  usbuhci - ok
11:09:59.0081 1460  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:09:59.0261 1460  VgaSave - ok
11:09:59.0752 1460  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
11:09:59.0752 1460  ViaIde - ok
11:09:59.0782 1460  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:09:59.0812 1460  VolSnap - ok
11:10:00.0553 1460  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:10:00.0673 1460  VSS - ok
11:10:00.0914 1460  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
11:10:01.0274 1460  W32Time - ok
11:10:01.0324 1460  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:10:01.0415 1460  Wanarp - ok
11:10:01.0425 1460  WDICA - ok
11:10:01.0655 1460  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:10:01.0815 1460  wdmaud - ok
11:10:02.0386 1460  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:10:02.0406 1460  WebClient - ok
11:10:02.0536 1460  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:10:02.0596 1460  winmgmt - ok
11:10:02.0756 1460  [ 26E962C7FDAA6FF951DFF46E44A3FD31 ] WLAN_400_500_SERVICE C:\WINDOWS\system32\DRIVERS\ar5211.sys
11:10:02.0917 1460  WLAN_400_500_SERVICE - ok
11:10:03.0217 1460  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:10:03.0237 1460  WmdmPmSN - ok
11:10:03.0548 1460  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:10:03.0828 1460  Wmi - ok
11:10:03.0848 1460  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:10:03.0918 1460  WmiAcpi - ok
11:10:04.0309 1460  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:10:04.0349 1460  WmiApSrv - ok
11:10:04.0819 1460  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
11:10:05.0450 1460  WMPNetworkSvc - ok
11:10:05.0490 1460  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:10:05.0510 1460  WpdUsb - ok
11:10:05.0551 1460  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:10:05.0551 1460  WS2IFSL - ok
11:10:05.0631 1460  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:10:05.0671 1460  wscsvc - ok
11:10:05.0691 1460  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:10:05.0721 1460  wuauserv - ok
11:10:05.0791 1460  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:10:05.0821 1460  WudfPf - ok
11:10:05.0911 1460  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WUDFRd          C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:10:06.0382 1460  WUDFRd - ok
11:10:06.0422 1460  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:10:06.0442 1460  WudfSvc - ok
11:10:06.0692 1460  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:10:06.0973 1460  WZCSVC - ok
11:10:07.0333 1460  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:10:07.0403 1460  xmlprov - ok
11:10:07.0463 1460  ================ Scan global ===============================
11:10:07.0543 1460  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:10:07.0704 1460  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:10:08.0014 1460  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
11:10:08.0094 1460  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:10:08.0094 1460  [Global] - ok
11:10:08.0094 1460  ================ Scan MBR ==================================
11:10:08.0124 1460  [ 15F0BAA85007F74493FA368029DCE5F7 ] \Device\Harddisk0\DR0
11:10:08.0365 1460  \Device\Harddisk0\DR0 - ok
11:10:08.0375 1460  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR2
11:10:09.0426 1460  \Device\Harddisk1\DR2 - ok
11:10:09.0426 1460  ================ Scan VBR ==================================
11:10:09.0436 1460  [ 333A94996F2FC035DDD06887574C89E0 ] \Device\Harddisk0\DR0\Partition1
11:10:09.0436 1460  \Device\Harddisk0\DR0\Partition1 - ok
11:10:09.0446 1460  [ B38CD0E8724492870CDA8946FE25F463 ] \Device\Harddisk1\DR2\Partition1
11:10:09.0446 1460  \Device\Harddisk1\DR2\Partition1 - ok
11:10:09.0446 1460  ============================================================
11:10:09.0446 1460  Scan finished
11:10:09.0446 1460  ============================================================
11:10:09.0466 0228  Detected object count: 0
11:10:09.0466 0228  Actual detected object count: 0
11:12:23.0028 3992  Deinitialize success
         

Alt 17.02.2013, 13:35   #12
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hi,

das sah unauffällig aus.
Wie läuft der Rechner jetzt? Alles in Ordnung oder siehst du noch Probleme?


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.

:commands
[emptytemp]
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Malware .
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Schritt 5

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von OTL
  • Log von SecurityCheck
__________________
cheers,
Leo

Alt 18.02.2013, 16:56   #13
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hallo Leo,

der Rechner läuft soweit super, nur zu Beginn (bevor das Anmeldefenster) erscheint öffnet sich eine Box ich hab ein Foto davon gemacht und auf meine dropbox gestellt hier der link:
https://www.dropbox.com/l/PpkCFKbuwyjKstMi


Fixlog von OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.02.2013 14:05:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 543,72 Mb Available Physical Memory | 53,13% Memory free
2,40 Gb Paging File | 2,05 Gb Available in Paging File | 85,38% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,21 Gb Free Space | 18,27% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 6,54 Gb Free Space | 87,78% Space Free | Partition Type: FAT32
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
MOD - [2001.03.02 12:02:04 | 000,037,808 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.17 14:01:44 | 000,000,000 | ---D | M]
 
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.16 17:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.16 17:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar
[2013.02.16 17:28:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe
[2013.02.16 17:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.16 16:37:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
[2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.08 17:09:02 | 015,739,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.17 14:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.17 14:00:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.17 14:00:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job
[2013.02.17 13:58:23 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini
[2013.02.17 13:58:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.17 13:57:36 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.17 13:57:34 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.17 11:25:41 | 000,762,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013.02.17 11:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.17 11:14:05 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 11:12:28 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.17 11:12:28 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.17 11:12:28 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.17 11:12:28 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.16 17:23:58 | 013,711,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:21:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe
[2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
[2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013.02.08 17:09:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 17:09:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.08 17:09:03 | 015,739,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013.01.26 04:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.16 17:28:19 | 013,711,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:25:31 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< :OTL >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1 >
Invalid Switch: search.php?qq=%1
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html >
Invalid Switch: bar.html
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1 >
Invalid Switch: search.php?qq=%1
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1 >
Invalid Switch: search.php?qq=%1
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local> >
 
< O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found >
 
< O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found >
 
< O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found. >
 
<  >
 
< :commands >
 
< [emptytemp] >
 
<           >

< End of report >
         
--- --- ---



MBAM


Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.17.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: EWALD-LAPTOP [Administrator]

17.02.2013 14:19:44
mbam-log-2013-02-17 (14-19-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205564
Laufzeit: 12 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

ESET


Code:
ATTFilter
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\b474f75-336e3084	a variant of Java/Exploit.CVE-2012-0507.FQ trojan
C:\T-Online4\EMAIL4\mui.exe	probably a variant of Win32/Agent.IUKDZWI trojan
C:\WINDOWS\system32\AscConTest.dll	Win32/Adware.Ascentive application
C:\_OTL\MovedFiles\02142013_071214\C_Dokumente und Einstellungen\Administrator\3748115.dll	a variant of Win32/Kryptik.AUFR trojan
         

OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.02.2013 16:35:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 633,70 Mb Available Physical Memory | 61,92% Memory free
2,40 Gb Paging File | 2,11 Gb Available in Paging File | 87,59% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,07 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 6,53 Gb Free Space | 87,62% Space Free | Partition Type: FAT32
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.05.28 17:11:04 | 000,122,880 | ---- | M] () -- C:\Benutzerprogramme\WinRAR\RarExt.dll
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
MOD - [2001.03.02 12:02:04 | 000,037,808 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.18 08:58:46 | 000,000,000 | ---D | M]
 
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-686225105-3868835699-3303831392-500..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 16:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\log4
[2013.02.18 09:07:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.02.18 09:06:53 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013.02.17 14:16:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2013.02.17 14:16:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.17 14:16:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.17 14:16:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.17 14:15:41 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.16 17:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.16 17:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar
[2013.02.16 17:28:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe
[2013.02.16 17:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.16 16:37:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
[2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 16:14:04 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.18 16:08:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.18 11:18:40 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini
[2013.02.18 08:59:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.18 08:59:44 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job
[2013.02.18 08:57:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.18 08:57:02 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.17 14:16:11 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 14:04:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.17 14:04:26 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013.02.17 13:57:36 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.17 11:25:41 | 000,762,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013.02.17 11:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.17 11:12:28 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.17 11:12:28 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.17 11:12:28 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.17 11:12:28 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.16 17:23:58 | 013,711,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:21:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe
[2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
[2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.17 14:16:11 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 17:28:19 | 013,711,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:25:31 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.11 08:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM
[2008.04.18 16:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\cadenas
[2007.06.12 17:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2011.02.10 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CoCreate
[2007.10.05 15:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DWGeditor
[2007.05.09 19:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ectaco
[2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2005.01.12 00:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2012.02.06 11:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++
[2006.02.27 10:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OD2
[2007.12.15 15:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sldIM
[2009.12.05 11:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2009.12.05 15:28:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software
[2009.12.05 11:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup
[2006.11.11 16:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-DSL SpeedManager
[2011.08.21 04:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tific
[2010.06.01 16:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom
[2008.01.24 20:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2010.03.14 10:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\371AC
[2010.04.23 11:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2009.03.22 07:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.11.01 08:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius
[2008.03.19 20:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD
[2008.03.19 20:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM
[2006.01.11 18:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2009.08.14 07:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012.09.11 07:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2005.07.07 07:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2010.06.01 16:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008.01.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.10.07 08:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.09.14 08:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\InterTrust
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



[SIZE="4"Security Check[/SIZE]

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.57  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Please wait while WMIC compiles updated MOF files.d 
i 
s 
p 
l 
a 
y 
N 
a 
m 
e 
ECHO ist ausgeschaltet (OFF).
N 
o 
r 
t 
o 
n 
ECHO ist ausgeschaltet (OFF).
3 
6 
0 
ECHO ist ausgeschaltet (OFF).
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java(TM) 6 Update 27  
 Java 2 Runtime Environment, SE v1.4.2 
 Java version out of Date! 
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
         

Alt 18.02.2013, 17:23   #14
aharonov
/// TB-Ausbilder
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Hallo,

seit wann taucht diese Box vor dem Anmeldefenster auf? Passiert dies immer oder nur einmalig?
Du hast den OTL-Fix nicht richtig gemacht. Du musst auf den Fix Button drücken, nachdem du den Text reinkopiert hast, und nicht auf den Scan-Button.

Mach das mit folgendem Fix bitte noch einmal:


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.oneclicksearches.com/bar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.oneclicksearches.com/search.php?qq=%1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
O20 - Winlogon\Notify\style2: DllName - (C:\WINDOWS\q286592_disk.dll) -  File not found
O22 - SharedTaskScheduler: {6AC3806F-8B39-4746-9C38-6B01CB7331FF} - Memory monitor - No CLSID value found.
O24 - Desktop Components:1 (Security info v2) - C:\WINDOWS\screen.html
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos08.job
[2013.02.15 09:00:02 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos07.job
[2013.02.15 09:00:01 | 000,000,196 | ---- | M] () -- C:\WINDOWS\tasks\pos05.job
[2013.02.15 09:00:01 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01008.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01007.job
[2013.02.15 09:00:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\01005.job
O4 - HKCU..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\ApcMain.exe -m File not found

:files
C:\WINDOWS\system32\AscConTest.dll

:commands
[emptytemp]
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von OTL
__________________
cheers,
Leo

Alt 18.02.2013, 18:16   #15
schorsch0788
 
BKA Trojaner/Virus GVU Version 2.11 - Standard

BKA Trojaner/Virus GVU Version 2.11



Müsste nach dem Fix vom 16.02.2013, 17:15 da sein, ganz sicher bin ich mir aber nicht.
Die Box kommt nach jedem Start.

Fixlog OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6AC3806F-8B39-4746-9C38-6B01CB7331FF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File C:\WINDOWS\screen.html not found.
C:\WINDOWS\tasks\pos08.job moved successfully.
C:\WINDOWS\tasks\pos07.job moved successfully.
C:\WINDOWS\tasks\pos05.job moved successfully.
C:\WINDOWS\tasks\01008.job moved successfully.
C:\WINDOWS\tasks\01007.job moved successfully.
C:\WINDOWS\tasks\01005.job moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Performance Center deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\AscConTest.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 4465891 bytes
->Temporary Internet Files folder emptied: 29550200 bytes
->Java cache emptied: 3744989 bytes
->Google Chrome cache emptied: 6611499 bytes
->Flash cache emptied: 35053 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 69385 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130854 bytes
RecycleBin emptied: 6159679 bytes
 
Total Files Cleaned = 49,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02182013_180326

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Log von OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.02.2013 18:08:43 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 662,72 Mb Available Physical Memory | 64,76% Memory free
2,40 Gb Paging File | 2,18 Gb Available in Paging File | 90,49% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 10,11 Gb Free Space | 18,09% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: EWALD-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () -- C:\Programme\CoCreate\MEls\MEls32.exe
MOD - [2002.04.11 14:55:28 | 000,339,968 | ---- | M] () -- C:\Programme\OO Software\CleverCache\OOCCMNGR.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.02.08 17:09:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.02.15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2010.08.24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007.04.27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007.04.27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.03.01 15:26:40 | 006,410,240 | ---- | M] () [Auto | Running] -- C:\Programme\CoCreate\MEls\MEls32.exe -- (MEls)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.11 14:55:34 | 000,229,648 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\CleverCache\OOCCSVC.exe -- (OOCleverCache)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.01.24 16:57:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.24 16:57:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.24 16:57:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.24 16:57:49 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130214.016\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.23 16:37:50 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130214.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.08 04:46:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.03.29 07:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012.03.29 07:28:34 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.04.27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007.04.27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006.12.28 00:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004.11.05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.08.04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.08 11:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.12.02 23:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.08.05 03:00:10 | 000,322,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)
DRV - [2003.07.29 01:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 15:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.07.03 18:07:58 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003.05.30 17:01:26 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.05.28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003.03.26 11:13:04 | 000,030,208 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2002.02.20 14:45:06 | 000,012,474 | R--- | M] (SONICBlue ,Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RiotDrv.sys -- (RiotDrv)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2000.09.07 06:11:30 | 000,486,624 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2000.09.07 06:11:30 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [1998.08.07 00:00:00 | 000,069,840 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hotmail.de/
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-686225105-3868835699-3303831392-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.03.19 20:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.08.08 04:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.02.18 18:10:08 | 000,000,000 | ---D | M]
 
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.06.01 16:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\APIX\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Programme\Gemeinsame Dateien\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Programme\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2005.06.19 16:59:30 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://fibro.partcommunity.com/FileService/FileLoader/cnsViewer3D/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB3CE69-65FF-4A54-B49D-7C762BC7D1A8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB29EAB-D653-45BB-A638-EDA982420EEE}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-686225105-3868835699-3303831392-500\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 16:34:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\log4
[2013.02.18 09:07:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.02.18 09:06:53 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013.02.17 14:16:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2013.02.17 14:16:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.17 14:16:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.17 14:16:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.17 14:15:41 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.16 17:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.16 17:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar
[2013.02.16 17:28:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe
[2013.02.16 17:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.16 16:37:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.15 14:35:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.15 14:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.15 14:19:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.15 14:19:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.15 14:19:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.15 14:17:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.15 14:16:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
[2013.02.15 14:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.15 13:03:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.14 07:21:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.13 23:16:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.02.13 23:16:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 18:14:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.18 18:08:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.18 18:07:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.18 18:07:04 | 000,001,024 | ---- | M] () -- C:\WINDOWS\cclsi.ini
[2013.02.18 18:06:54 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd09a5862e4900.job
[2013.02.18 18:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.18 18:06:39 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.17 14:16:11 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 14:07:48 | 000,881,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
[2013.02.17 14:04:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.17 14:04:26 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013.02.17 13:57:36 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.17 11:25:41 | 000,762,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013.02.17 11:22:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.17 11:12:28 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.17 11:12:28 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.17 11:12:28 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.17 11:12:28 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.16 17:23:58 | 013,711,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:21:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe
[2013.02.15 14:36:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.14 06:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.02.10 11:13:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.10 10:45:00 | 000,001,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK
[2013.02.10 10:43:22 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013.02.09 09:14:07 | 000,004,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2013.02.09 09:14:07 | 000,001,378 | ---- | M] () -- C:\WINDOWS\smartcam.ini
[2013.02.09 09:11:07 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2013.02.09 07:59:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2013.02.04 06:58:25 | 000,002,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2013.02.03 11:11:35 | 000,001,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2013.02.02 11:15:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013.02.02 07:28:00 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013.01.25 17:15:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
[12 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.18 16:43:20 | 000,881,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
[2013.02.17 14:16:11 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.16 17:28:19 | 013,711,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.01.0.1020.zip
[2013.02.16 17:25:31 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.15 14:36:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.15 14:35:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.15 14:19:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.15 14:19:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.15 14:19:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.15 14:19:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.15 14:19:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.17 12:39:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.16 15:59:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.06.16 15:54:35 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.11.05 19:32:26 | 000,001,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\step_save_log.html
[2005.07.07 09:31:37 | 000,002,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\load_step_log.html
[2005.06.19 13:58:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ignored.lst
[2005.03.02 09:24:41 | 000,002,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\qs_dflt.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmmetric.su
[2005.03.02 09:24:41 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pminch.su
[2005.03.02 09:24:37 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\camcon.ini
[2005.01.13 11:54:30 | 000,841,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\rechnung 475
[2005.01.13 09:05:28 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.12 00:02:19 | 000,009,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.bak
[2005.01.12 00:02:19 | 000,008,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.bak
[2005.01.12 00:02:16 | 000,008,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_m.su
[2005.01.12 00:02:16 | 000,008,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmdflt_i.su
[2005.01.12 00:02:16 | 000,004,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\pmill.ini
[2005.01.12 00:02:13 | 000,000,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\text_att.su
[2005.01.12 00:02:13 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\error.su
[2005.01.12 00:02:13 | 000,000,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\datetm.su
[2005.01.12 00:02:13 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\deffont.su
[2005.01.12 00:02:11 | 000,000,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\licadm.ini
[2004.10.22 00:07:13 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 10:25:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.11 08:41:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM
[2008.04.18 16:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\cadenas
[2007.06.12 17:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon
[2011.02.10 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CoCreate
[2007.10.05 15:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DWGeditor
[2007.05.09 19:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ectaco
[2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust
[2005.01.12 00:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2012.02.06 11:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++
[2006.02.27 10:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OD2
[2007.12.15 15:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sldIM
[2009.12.05 11:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2009.12.05 15:28:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software
[2009.12.05 11:43:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup
[2006.11.11 16:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-DSL SpeedManager
[2011.08.21 04:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tific
[2010.06.01 16:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom
[2008.01.24 20:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2010.03.14 10:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\371AC
[2010.04.23 11:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ascentive
[2009.03.22 07:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.11.01 08:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverGenius
[2008.03.19 20:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fluxDVD
[2008.03.19 20:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM
[2006.01.11 18:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2009.08.14 07:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012.09.11 07:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2005.07.07 07:52:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2010.06.01 16:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2008.01.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.10.07 08:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.09.14 08:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2004.12.18 06:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\InterTrust
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Antwort

Themen zu BKA Trojaner/Virus GVU Version 2.11
bho, bka - trojaner, converter, driver genius, error, excel, firefox, flash player, format, ftp, google, gvu 2.11, home, homepage, launch, microsoft office 2003, mp3, msiexec.exe, object, plug-in, registry, rundll, scan, schannel.dll, security, server, software, starten, stick, trojaner, trojaner/virus, usb, visual studio, windows, windows internet, windows xp



Ähnliche Themen: BKA Trojaner/Virus GVU Version 2.11


  1. Bundesplozei Virus Version 2.0 Angriff | JavaNoscript
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (13)
  2. Interpol Bka Virus die neueste Version
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (2)
  3. GVU Virus (neuste version)
    Log-Analyse und Auswertung - 14.06.2013 (4)
  4. GVU Virus (wahrscheinlich neue Version)
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (12)
  5. GVU Virus Version 2.12 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (11)
  6. GVU Virus Version 2.11
    Log-Analyse und Auswertung - 05.02.2013 (32)
  7. BKA Trojaner/Virus GVU Version 2.11 eingefangen
    Log-Analyse und Auswertung - 23.01.2013 (1)
  8. BKA-Virus schweizer Version, Windows XP
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (18)
  9. BKA Virus österreichische Version Otl Log Extras defogger vorhanden !!!
    Log-Analyse und Auswertung - 11.11.2012 (2)
  10. BKA Virus Österreich Version
    Log-Analyse und Auswertung - 01.11.2012 (8)
  11. Neue version des Skype Virus (PUP.* + WORM.P2P usw)
    Log-Analyse und Auswertung - 14.10.2012 (11)
  12. Polizei-Virus Österreich-Version
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (9)
  13. Polizei-Virus österreichische Version
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (13)
  14. Computer gesperrt! Ukash-Virus (Schweizer Version)
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (3)
  15. BKA Virus (neue Version) desktop nicht erreichbar
    Log-Analyse und Auswertung - 16.02.2012 (30)
  16. Problem mit Virus LSA Shell (export version)
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (0)
  17. Dr.Virus Version 3
    Mülltonne - 04.04.2007 (0)

Zum Thema BKA Trojaner/Virus GVU Version 2.11 - Hallo, ich habe mir gestern den BKA Trojaner GVU Version 2.11 eingefangen. Ich habe schon versucht den Laptop im Abgesicherten Modus zu starten und hab bereits die Registry durchsucht, leider - BKA Trojaner/Virus GVU Version 2.11...
Archiv
Du betrachtest: BKA Trojaner/Virus GVU Version 2.11 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.