Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.01.2011, 17:26   #1
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Grüsse an die Trojaner-Profis,

Ich bin erst recht spät auf dieses Forum gestossen und hoffe hier noch etwas Beistand zu meinem Problem zu finden:

Vor einigen Tagen fing MSE 2 an einen Alureon.H in einer ksecpkg.sys zu monieren. Wurde auch desinfiziert aber nach jedem Reboot war er wieder da. Folgendes habe ich unternommen bevor ich hierher fand:

Microsoft Tool gegen bösartige Software geladen und ausgeführt mit ausführlichem Scan - offensichtlich sei der Virus "teilweise" entfernt worden.

Danach startete mein Rechner nicht mehr. Per DVD und Systemwiederherstellung auf einen funktionierenden Restore-Point (welchen auch immer - das habe ich nicht erkennen können) startete der Rechner wieder wie gewohnt.

Danach habe ich ein Tool von Kaspersky "TDSSKiller" ausgeführt der auch prompt in o.g. Datei wieder den Alureon.H fand und angab ihn mit einem Reboot zu "curen"

Das scheint auch so zu sein denn nach erneutem Reboot findet nun MSE keine Viren mehr - auch nicht bei ausführlichem Scan.

Ich habe dann das Tool Malwarebytes runtergeladen und ausgeführt: da wurden ein zwei i.m.A. kleinere Probleme gefunden und korrigiert - nach Reboot war nichts mehr zu finden.

Dann habe ich in der Hoffnung es besonders gut zu machen Hitman Pro 3.5 auf die Platte losgelassen. Auch der fand nur noch ein paar problematische Cookies von Seiten die ich als unproblematisch erachtete aber die ich trotzdem löschen lies.

Gerade läuft noch mal ein MSE 2 Deep Scan und der ist fast zu Ende und es wurde nichts gefunden.

Bin ich frei? Nachdem ich hierher fand bekam ich mit dass dieser Virus ein recht tückisches Kerlchen ist und man nicht sicher genug sein kann dass er weg ist. Ich habe hier einen HijackThis Log. Würde der helfen was drüber auszusagen?

Als Firewall habe ich die Comodo FW mit Update auf die neueste Version 3.5.x.x.. Defense+ habe ich dabei deaktiviert weil ich meinte mit MSE 2 ausreichend bedient zu sein. Die Firewall ist auch gerade am Laufen.

Ich wäre froh wenn mir einer noch etwas Beistand geben könnte.

Vielen Dank

McConnor


Sorry - ich weiß nicht wie ich diese tollen Scroll-Listen einfügen kann - deswegen hier einfach mal der Text:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:09, on 26.01.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\utorrent\uTorrent.exe
C:\Program Files\AquaSnap\AquaSnap.Daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Phonic\1394AudioDriver\Phonic_Cpl.exe
C:\Program Files\Gizmo\gizmo.exe
C:\Program Files\JFritz\jfritz.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Synkron\Synkron.exe
C:\Users\die-koertings.de\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [AquaSnap] C:\Program Files\AquaSnap\AquaSnap.Daemon.exe
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\die-koertings.de\
O4 - Startup: JFritz.lnk = C:\Program Files\JFritz\jfritz.exe
O4 - Startup: RMClock.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Control Panel.lnk = C:\Program Files\Phonic\1394AudioDriver\Phonic_Cpl.exe
O4 - Global Startup: Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe
O4 - Global Startup: JFritz.lnk = C:\Program Files\JFritz\jfritz.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Synkron.lnk = C:\Program Files\Synkron\Synkron.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\die-koertings.de\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\die-koertings.de\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (file missing)
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NFS Server (NFSserver) - Dr. Hanewinkel -- www.haneWIN.de - C:\Program Files\nfsd\nfsd.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: SunRPC Portmap Daemon (PMAPDaemon) - Dr. Hanewinkel -- www.haneWIN.de - C:\Program Files\nfsd\pmapd.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe

--
End of file - 15396 bytes
         
--- --- ---

Alt 26.01.2011, 19:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Zitat:
Ich habe dann das Tool Malwarebytes runtergeladen und ausgeführt: da wurden ein zwei i.m.A. kleinere Probleme gefunden und korrigiert - nach Reboot war nichts mehr zu finden.
Poste alle vorhandenen Logs!!

Zitat:
Als Firewall habe ich die Comodo FW mit Update
Personal Firewalls sind Problembeschaffungsmaßnahmen!! Ich kann davon nur abraten, empfehlenswerter ist der Einsatz der Windows-Firewall plus DSL-Router.
__________________

__________________

Alt 27.01.2011, 00:37   #3
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Vielen Dank für die rasche Antwort. Hier mal eben nach der Schicht die beiden Logs:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5608

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.01.2011 14:21:22
mbam-log-2011-01-26 (14-21-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184690
Laufzeit: 13 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.44,93.188.160.224) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\program files\WinDV (Adware.WinDV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\Temp\A7kU1m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\G7iQ1w.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\program files\WinDV\Readme.txt (Adware.WinDV) -> Quarantined and deleted successfully.
c:\program files\WinDV\WinDV.exe (Adware.WinDV) -> Quarantined and deleted successfully.
         

WinDV ist ein Program zum einlesen von DV-Bändern in AVI Dateien das ich schon ewig nicht mehr benutzt habe - trotzdem oder gerade deswegen hab ichs auch mit löschen lassen.

und hier das zweite Log nach der Bereinigung und Reboot:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5608

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.01.2011 14:53:26
mbam-log-2011-01-26 (14-53-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184342
Laufzeit: 8 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 27.01.2011, 08:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Wurde Comodo deinstalliert?

Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Alt 27.01.2011, 14:35   #5
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



So hallo,

hier ist der komplette Scan mit Malware bytes. Die zwei Fun-Meldungen habe ich mal ignoiert - die Dinger habe ich schon ewig und die machen auch nix Böses. Das dritte hab ich in den Senkel gestellt. Mehr war nicht zu finden. Sollte man nun noch mehr nachprüfen?

Ach ja Comodo habe ich nicht bislang deinstalliert - eigentlich war ich damit insgesamt zufrieden auch was die Kontrolle über die Firewall angeht. Wäre das Deinstallieren zwingend notwendig?

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5617

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.01.2011 15:32:06
mbam-log-2011-01-27 (15-32-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 404994
Laufzeit: 2 Stunde(n), 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\die-koertings.de\documents\Fun\VIAGRA.EXE (Joke.VV) -> Not selected for removal.
c:\Users\die-koertings.de\documents\Fun\winopt.sav.exe (Joke.Badgame) -> Not selected for removal.
c:\program files\MyBible\uninstallhelper.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         


Alt 27.01.2011, 14:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Wie ich sagte sind PFWs Problembeschaffungsmaßnahmen. Runter mit dem Zeuch.
Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?
__________________
--> Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?

Alt 27.01.2011, 19:43   #7
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Vielen Dank für die tatkräftige Unterstützung bis hierher und auch die interessante Literatur.

So, jetzt hab ich mal die Comodo Firewall deinstalliert... Man soll ja stets lernfähig bleiben - und ich habs auch früher nur mit der alleine ausgehalten. Immerhin schützt ja die Fritzbox auch noch.

Soll ich noch weitere Infos posten oder könnte man jetzt schon attestieren dass der Rechner clean ist?

Ach ja - was kann man denn vom "Spyware Terminator" halten? Macht es Sinn sowas neben der MSE 2 und der Windows Firewall laufen zu haben?

Alt 27.01.2011, 20:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Alt 27.01.2011, 20:49   #9
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



And here you go...

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.01.2011 21:44:22 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\die-koertings.de\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,69 Gb Total Space | 4,58 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 13,44 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-MICHAEL | User Name: die-koertings.de | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\die-koertings.de\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\die-koertings.de\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\die-koertings.de\Desktop\OpenOffice.org 3.3 (de) Installation Files\setup.exe ()
PRC - C:\Program Files\utorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\JFritz\jfritz.exe ()
PRC - C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
PRC - C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\AquaSnap\AquaSnap.Daemon.exe (hxxp://www.nurgo-software.com)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\nfsd\nfsd.exe (Dr. Hanewinkel -- www.haneWIN.de)
PRC - C:\Program Files\Phonic\1394AudioDriver\Phonic_Cpl.exe ()
PRC - C:\Program Files\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
PRC - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Program Files\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Synkron\Synkron.exe ()
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
PRC - C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe (UPEK Inc.)
PRC - C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\nfsd\pmapd.exe (Dr. Hanewinkel -- www.haneWIN.de)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\RMClock\RMClock.exe (NGO Science Center "RightMark")
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\die-koertings.de\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AquaSnap\AquaSnap.Hook.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Gizmo\ghook.dll (Arainia Solutions)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (NFSserver) -- C:\Program Files\nfsd\nfsd.exe (Dr. Hanewinkel -- www.haneWIN.de)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Gizmo Central) -- C:\Program Files\Gizmo\gservice.exe (Arainia Solutions)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UpekSrvc) -- C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe (UPEK Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (PMAPDaemon) -- C:\Program Files\nfsd\pmapd.exe (Dr. Hanewinkel -- www.haneWIN.de)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKslbb75d062) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A509482-C499-4034-B23C-57462470FEE2}\MpKslbb75d062.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\SYSTEM32\DRIVERS\KSECPKG.SYS (Microsoft Corporation)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (nhcDriverDevice) -- C:\Windows\system32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETwLv32)     Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (radpms) -- C:\Windows\System32\drivers\radpms.sys (LogMeIn, Inc.)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (Phonic_1394) -- C:\Windows\System32\drivers\phonic_1394.sys (Archwave AG)
DRV - (Phonic_avs) -- C:\Windows\System32\drivers\phonic_avs.sys (Archwave AG)
DRV - (GizmoDrv) -- C:\Windows\System32\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (iaStor) -- C:\Windows\System32\drivers\iaStor.sys (Intel Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (gmer) -- C:\Windows\System32\drivers\gmer.sys (GMER)
DRV - (cdrblock) -- C:\Windows\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys ()
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- C:\Windows\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (CplIR) -- C:\Windows\System32\drivers\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RTCore32) -- C:\Program Files\RMClock\RTCore32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 4B 6A FF 13 ED CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.chip.de"
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6096.3.6
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.10.08 21:13:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.21 20:07:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.06 22:02:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.11 00:54:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.07.31 07:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Extensions
[2010.02.07 20:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.07.10 14:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.07.31 07:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Extensions\Transmedia
[2011.01.27 14:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions
[2010.10.21 18:08:59 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.08.30 10:18:15 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.24 08:31:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.26 08:43:44 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.10.26 08:43:44 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.06.13 12:17:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.13 15:43:02 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\LogMeInClient@logmein.com
[2010.02.10 22:36:46 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\passwordbank@upek.com
[2010.06.09 16:02:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\piclens@cooliris.com
[2010.06.09 16:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\die-koertings.de\AppData\Roaming\mozilla\Firefox\Profiles\u82y4vdq.default\extensions\piclens@cooliris.com-trash
[2009.12.31 09:10:31 | 000,002,172 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\bing.xml
[2011.01.26 05:27:00 | 000,002,226 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\das-rtliche.xml
[2009.07.05 20:12:15 | 000,001,907 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\flickr-tags.xml
[2011.01.21 14:30:42 | 000,001,894 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\isohunt---bittorrent.xml
[2011.01.21 14:30:42 | 000,002,008 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\leo-de-en.xml
[2011.01.21 14:30:42 | 000,001,134 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\mininova.xml
[2011.01.21 14:30:42 | 000,002,087 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Mozilla\Firefox\Profiles\u82y4vdq.default\searchplugins\youtube.xml
[2011.01.27 14:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.02 21:12:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.04 21:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 08:28:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 02:14:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.10.08 21:13:39 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.12.10 08:18:26 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2008.06.19 10:59:52 | 000,889,856 | ---- | M] (UPEK Inc.) -- C:\Program Files\Mozilla Firefox\components\pbgk1_9.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[1999.12.31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.14 11:53:32 | 000,000,846 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM]  File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AquaSnap] C:\Program Files\AquaSnap\AquaSnap.Daemon.exe (hxxp://www.nurgo-software.com)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gdrive.dll ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\utorrent\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\die-koertings.de\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JFritz.lnk = C:\Program Files\JFritz\jfritz.exe ()
O4 - Startup: C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RMClock.lnk = C:\Program Files\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 141
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\die-koertings.de\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\die-koertings.de\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} -  File not found
O9 - Extra 'Tools' menuitem : Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} -  File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll - C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.27 21:06:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.01.27 21:01:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.27 21:01:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.27 21:01:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.27 20:56:58 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2011.01.27 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.01.27 20:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011.01.26 15:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.01.26 15:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011.01.26 14:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.01.26 14:03:43 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\Malwarebytes
[2011.01.26 14:03:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.26 14:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.26 14:03:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.26 14:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.26 13:56:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\die-koertings.de\Desktop\OTL.exe
[2011.01.26 12:55:58 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\die-koertings.de\Desktop\TDSSKiller.exe
[2011.01.26 07:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.01.25 23:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011.01.23 20:04:52 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.01.23 00:44:33 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\anpo.republika.pl
[2011.01.23 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\fltk.org
[2011.01.23 00:42:55 | 000,076,800 | ---- | C] (hxxp://www.anpo.republika.pl) -- C:\Windows\gmt.exe
[2011.01.23 00:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\GmapTool
[2011.01.22 12:25:08 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bwmzodog.sys
[2011.01.21 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin
[2011.01.20 22:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazing Slow Downer
[2011.01.19 14:34:38 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\Pictures
[2011.01.18 13:39:38 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.01.18 13:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.01.17 16:27:52 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\MOVAVI
[2011.01.15 13:35:19 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\btnrmxyv.sys
[2011.01.14 14:34:45 | 000,000,000 | ---D | C] -- C:\Windows\Temp5C9C23AA-9760-33ED-F86B-0370183BE18C-Signatures
[2011.01.14 14:34:20 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.14 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.01.12 23:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.01.12 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Local\SvchostViewer
[2011.01.12 05:03:16 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 05:03:14 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 05:03:14 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 05:03:14 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 05:03:14 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 05:03:14 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 05:03:13 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 05:03:13 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 05:03:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 05:03:13 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 05:03:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.12 05:03:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.12 05:03:13 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.10 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Canopus
[2011.01.10 23:50:03 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\Canopus
[2011.01.10 23:36:46 | 000,027,704 | ---- | C] (Canopus Co,. Ltd.) -- C:\Windows\System32\drivers\cdrblock.sys
[2011.01.10 23:36:44 | 000,671,815 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\csehqa.dll
[2011.01.10 23:36:44 | 000,385,108 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\csedv.dll
[2011.01.10 23:36:44 | 000,355,840 | ---- | C] (Thomson Canopus Co., Ltd.) -- C:\Windows\System32\cmiccodc.dll
[2011.01.10 23:36:44 | 000,258,048 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cllccodc.dll
[2011.01.10 23:36:44 | 000,159,832 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\csccdvc.dll
[2011.01.10 23:36:44 | 000,147,456 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\csccdvcx.dll
[2011.01.10 23:36:44 | 000,122,961 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\csellc.dll
[2011.01.10 23:36:44 | 000,086,016 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cuvccodc.dll
[2011.01.10 23:36:44 | 000,069,632 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cdvhcodc.dll
[2011.01.10 23:36:44 | 000,069,632 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cdvccodc.dll
[2011.01.10 23:36:44 | 000,069,632 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cdv5codc.dll
[2011.01.10 23:36:44 | 000,049,152 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cvpcdvc.dll
[2011.01.10 23:36:44 | 000,022,528 | ---- | C] (Canopus Corporation) -- C:\Windows\System32\csthread.dll
[2011.01.10 23:36:32 | 000,330,752 | ---- | C] (Thomson Canopus Co., Ltd.) -- C:\Windows\System32\csem2vi01.dll
[2011.01.10 23:36:32 | 000,122,880 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\icmpeg2.dll
[2011.01.10 23:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Canopus
[2011.01.10 23:36:31 | 001,085,520 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\csedvh.dll
[2011.01.10 23:36:31 | 000,798,801 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\cseuvec.dll
[2011.01.10 23:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canopus Shared
[2011.01.10 23:32:28 | 000,647,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasp_windows.dll
[2011.01.10 23:32:28 | 000,319,488 | ---- | C] (Thomson Canopus Co., Ltd.) -- C:\Windows\System32\pavplal.dll
[2011.01.10 23:32:27 | 000,462,848 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\pavapi.dll
[2011.01.10 23:32:27 | 000,006,656 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\System32\paveno.dll
[2011.01.09 07:44:45 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\Documents\Edius
[2011.01.09 07:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011.01.06 22:02:23 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.01.06 22:02:20 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.01.06 22:02:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.01.06 22:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011.01.06 12:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Syscon
[2011.01.04 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\die-koertings.de\AppData\Roaming\mkvtoolnix
[2010.12.30 16:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Transcribe!
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.27 21:45:14 | 000,001,161 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.01.27 21:40:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.27 21:06:04 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.01.27 21:01:04 | 000,105,472 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.27 20:38:58 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.27 20:38:58 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.27 20:33:36 | 000,001,811 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2011.01.27 20:32:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.27 20:32:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.27 20:32:17 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.27 20:30:25 | 000,000,820 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RMClock.lnk
[2011.01.27 20:19:46 | 000,001,050 | ---- | M] () -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.01.27 20:17:59 | 000,002,396 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.01.27 20:05:01 | 000,453,632 | ---- | M] () -- C:\Users\die-koertings.de\Desktop\CKScanner.exe
[2011.01.27 08:36:56 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.27 08:36:56 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.27 08:36:56 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.27 08:36:56 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.26 15:16:54 | 000,002,007 | ---- | M] () -- C:\Users\die-koertings.de\Desktop\HijackThis.lnk
[2011.01.26 14:57:03 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.01.26 14:03:35 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.26 13:56:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\die-koertings.de\Desktop\OTL.exe
[2011.01.26 13:00:24 | 000,133,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2011.01.22 19:39:18 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\die-koertings.de\Desktop\TDSSKiller.exe
[2011.01.22 12:25:08 | 000,133,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bwmzodog.sys
[2011.01.21 12:29:04 | 000,019,968 | ---- | M] () -- C:\Users\die-koertings.de\Desktop\GodiPlan2011.xls
[2011.01.20 22:15:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.01.17 13:59:00 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.01.15 18:36:58 | 000,000,048 | ---- | M] () -- C:\Windows\wol.INI
[2011.01.15 13:35:19 | 000,133,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\btnrmxyv.sys
[2011.01.14 14:36:55 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.01.14 14:01:24 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema.lnk
[2011.01.14 06:56:18 | 000,000,320 | ---- | M] () -- C:\Windows\System32\UPnPPW.ini
[2011.01.11 00:22:02 | 000,000,103 | ---- | M] () -- C:\Windows\canopus.ini
[2011.01.10 23:37:06 | 000,000,033 | ---- | M] () -- C:\Windows\System32\cnpsedufet5b.EXT
[2011.01.07 08:22:06 | 000,000,553 | ---- | M] () -- C:\Windows\capella.INI
[2011.01.06 22:10:52 | 001,856,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.03 19:45:55 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.27 21:45:14 | 000,001,161 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.01.27 21:06:04 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.01.27 20:04:58 | 000,453,632 | ---- | C] () -- C:\Users\die-koertings.de\Desktop\CKScanner.exe
[2011.01.26 15:16:54 | 000,002,007 | ---- | C] () -- C:\Users\die-koertings.de\Desktop\HijackThis.lnk
[2011.01.26 14:57:03 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.01.26 14:03:35 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.21 08:16:31 | 000,019,968 | ---- | C] () -- C:\Users\die-koertings.de\Desktop\GodiPlan2011.xls
[2011.01.14 14:36:55 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.01.14 14:01:24 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema.lnk
[2011.01.14 14:00:35 | 000,001,811 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2011.01.14 06:56:18 | 000,000,320 | ---- | C] () -- C:\Windows\System32\UPnPPW.ini
[2011.01.12 23:20:11 | 000,002,656 | ---- | C] () -- C:\Users\die-koertings.de\Adobe CS5 Cleaner Tool.log
[2011.01.11 00:22:02 | 000,000,103 | ---- | C] () -- C:\Windows\canopus.ini
[2011.01.10 23:37:06 | 000,000,033 | ---- | C] () -- C:\Windows\System32\cnpsedufet5b.EXT
[2011.01.10 23:36:55 | 000,001,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDIUS Neo 2.5.lnk
[2011.01.10 23:32:27 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius5db.dll
[2011.01.10 23:32:27 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius.dll
[2011.01.06 22:02:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.02 14:20:37 | 000,000,553 | ---- | C] () -- C:\Windows\capella.INI
[2010.10.24 20:45:41 | 000,000,000 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\JFritz.lock
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.21 12:47:10 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.07.21 12:47:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.07.21 12:47:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.07.11 19:28:38 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.06.02 12:38:08 | 000,000,315 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.04.09 20:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010.02.28 22:52:02 | 000,000,101 | ---- | C] () -- C:\Windows\twl.ini
[2010.02.10 22:41:33 | 000,030,327 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Local\backup.vtp
[2010.01.02 20:29:20 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2009.12.10 14:39:10 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.02 13:17:54 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.01 08:44:47 | 000,105,472 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.30 18:58:29 | 000,002,396 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.02 23:07:54 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.07.02 13:37:10 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.07.02 12:44:14 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.07.01 14:47:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.29 15:52:26 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 15:47:06 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.16 10:24:36 | 000,000,057 | ---- | C] () -- C:\Windows\MusEdit.INI
[2008.08.21 21:47:46 | 000,416,240 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\NMM-MetaData.db
[2008.08.07 19:09:55 | 000,009,216 | ---- | C] () -- C:\Windows\System32\drivers\SE_Filter.sys
[2008.07.27 13:32:53 | 000,000,000 | -H-- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\die-koertings.de.idx
[2008.07.27 13:30:02 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008.07.27 13:30:02 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
[2008.07.27 13:30:02 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008.07.27 13:30:02 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008.07.27 13:30:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
[2008.07.27 13:30:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008.07.27 13:30:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008.07.27 13:30:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
[2008.07.27 13:30:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008.07.17 21:41:24 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2008.07.17 21:41:23 | 000,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2008.02.10 20:08:10 | 000,000,185 | ---- | C] () -- C:\Windows\System32\DivFix.ini
[2008.01.20 09:49:28 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.18 15:36:31 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.01.18 15:36:31 | 000,022,328 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\PnkBstrK.sys
[2008.01.18 15:35:59 | 000,000,284 | ---- | C] () -- C:\Windows\game.ini
[2007.12.09 18:53:04 | 000,000,048 | ---- | C] () -- C:\Windows\wol.INI
[2007.12.05 17:08:53 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.12.05 17:08:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.11.23 14:24:08 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2007.11.23 01:21:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DVResampleru.dll
[2007.11.23 00:20:42 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssgh1L3.DLL
[2007.11.23 00:15:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.11.22 21:34:55 | 000,079,264 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\nvModes.001
[2007.11.22 21:28:54 | 000,079,264 | ---- | C] () -- C:\Users\die-koertings.de\AppData\Roaming\nvModes.dat
[2007.11.22 21:21:30 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.07.10 22:05:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.10 22:05:17 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.10 22:05:17 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.10 22:05:17 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.10 22:05:17 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.10 22:05:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.07.10 21:50:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 07:35:21 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 07:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 06:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 06:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 06:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 06:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 06:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 05:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007.01.26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007.01.26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

< End of report >
         
--- --- ---

[/CODE]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.01.2011 21:44:22 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\die-koertings.de\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,69 Gb Total Space | 4,58 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 13,44 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-MICHAEL | User Name: die-koertings.de | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F (Microsoft Corporation)
Directory [SynkronDelete] -- "C:\Program Files\Synkron\Synkron.exe" "-delete" "%1" ()
Directory [SynkronRename] -- "C:\Program Files\Synkron\Synkron.exe" "-rename" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B1C701-5B73-4a25-BB9B-9F5178349E7B}" = EDIUS Neo 2.5 Settings
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3E2F85-AF67-4471-A2EC-B6FBAC83D754}" = calibre
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{11E4E75F-FC16-4129-8FE9-F1E1EEF4CEAB}" = capella-scan 7.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1873789F-59D5-4002-8A2F-60A827B78F98}_is1" = GmapTool 0.5.7a
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19D26A2C-D822-484F-908F-34EA2FB8852E}" = Shutdown Timer
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi-Software
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{25C65D81-1C50-497D-9246-F17824CCC966}" = Garmin BaseCamp
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2824.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39690898-1226-4455-9D76-A6CAF97BD487}_is1" = MyBible 1.6
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E42ED1C-9790-416C-8B0D-8FF7498FDD40}" = TouchChip USB Driver 2.10
"{3F77A9DD-DEEB-479F-A3A6-23D3B9F292EA}" = EDIUS Neo 2.5 (SetupManager)
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}" = Utility support driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73182AC3-5CC3-4161-AE97-F23E09B13147}" = Vallen JPegger
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}" = Garmin TOPO Österreich v2
"{7D733DBC-1761-4EC9-831A-8976062B33CA}" = AquaSnap
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81AAF01A-C7F0-412D-979C-06ABD052B43A}" = capella 7
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1" = JFritz 0.7.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.63
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B9CE0714-5135-41D5-ABEE-C1B49067FFE4}" = AquaSnap
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Lenovo Security Solution FP
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE015D42-46DC-41E5-A898-97B468CE3831}" = DigiTech RP350 Drivers
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem  (10/12/2007 3.6)
"7-Zip" = 7-Zip 9.20
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"AC3ACM" = AC-3 ACM Codec
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"BatteryBar" = BatteryBar (remove only)
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"CCS64 V3.5" = CCS64 V3.5
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem  (05/24/2007 6.84.0.1)
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Defraggler" = Defraggler
"D-Fend Reloaded" = D-Fend Reloaded 1.0.1 (deinstallieren)
"DigiTech RP350 Drivers" = DigiTech RP350 Drivers
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.0.1 Home Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"F1CB0AC2D40DDCFCA6933082B115073476C155DE" = Windows-Treiberpaket - Nokia Modem  (08/03/2007 3.2)
"foobar2000" = foobar2000 v1.0.3
"FormatFactory" = FormatFactory 2.45
"Free Studio_is1" = Free Studio version 4.6
"Free Video Converter_is1" = Free Video Converter V 2.7
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Gizmo Central" = Gizmo Central
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"haneWIN NFS Server_is1" = haneWIN NFS Server 1.1.70
"HijackThis" = HijackThis 2.0.2
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IsoBuster_is1" = IsoBuster 2.3
"JDownloader" = JDownloader
"JoJoSaver_is1" = JoJoSaver 2.2.0
"LameACM" = Lame ACM MP3 Codec
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"LTMOH" = LSI V92 MOH Application
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MobilityDotNETnV" = DH Mobility Modder.NET nVidia Edition
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NAVIGON Fresh" = NAVIGON Fresh 1.6.2
"Nero 7 Micro_is1" = Nero 7 Micro 7.9.6.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Phonic FireFly 202,302 & Helix Firewire Driver v5.14.0.0" = Phonic FireFly 202,302 & Helix Firewire Driver v5.14.0.0
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"REAPER" = REAPER
"RivaTuner" = RivaTuner v2.09
"Samsung ML-2250 Series PCL 6" = Samsung ML-2250 Series PCL 6
"Sandboxie" = Sandboxie 3.52
"Scribus 1.3.6" = Scribus 1.3.6
"Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.4
"ST6UNST #1" = GEPath 1.4.4a
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tomlein.Synkron_is1" = Synkron 1.6.1
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Totalcmd" = Total Commander (Remove or Repair)
"Transcribe!_is1" = Transcribe! 8.00
"TreeSize Free_is1" = TreeSize Free V2.3.3
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.8
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Virtual MIDI Piano Keyboard" = Virtual MIDI Piano Keyboard
"VLC media player" = VLC media player 1.1.2
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WirelessMon_is1" = WirelessMon V3.0
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Anwendungserkennung
"WinBubble" = WinBubble
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

[/CODE]

Alt 28.01.2011, 09:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
Warum darf dein PC activate.adobe.com nicht erreichen? Erklärung dafür?

Alt 28.01.2011, 09:37   #11
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Eigentlich darf der Rechner meinetwegen Adobe erreichen....

whs. ein Überbleibsel einer Jugendsünde...

die Zeile kann ich getrost löschen.

Alt 28.01.2011, 09:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Sry aber der ganze gecrackte Adobekram ist noch installiert, diverse CS4/CS5 Einträge sind ersichtlich

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

Alt 28.01.2011, 09:59   #13
McConnor
 
Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Standard

Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?



Vielen Dank für die ehrlichen Worte und Ratschläge - Eigentlich war ich aber der Meinung all das schon länger deinstalliert zu haben - zumindest ist siehts für mich (Startmenüeinträge usw.) so aus - gerade aus Sorge (zu Recht wie man sieht)vor Malware. Da es ne Menge guter Freeware zu fast allen Bedürfnissen gibt war meine Absicht mich nur doch dorthin zu orientieren.

Mittlerweile kann ich aber mit keinem mir verfügbaren /von euch empfohlenen Malwaretool bei mir noch irgendwas feststellen. Bzgl. der von dir angesprochenen Einträge muss ich evtl. noch ganauer schauen was noch übrig geblieben ist...

Antwort

Themen zu Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?
32 bit, bho, bonjour, cdburnerxp, converter, downloader, dropbox, dsl, ebay, firefox, google, hijack, hijackthis, hitman pro, internet, internet explorer, kaspersky, keine viren, lenovo, microsoft security, mozilla, mp3, nicht sicher, object, problem, realtek, scan, server, software, system, uleadburninghelper, viren, virus, windows



Ähnliche Themen: Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?


  1. Trojan:Win32/Alureon.FL | PWS:Win32/Fareit.A | Trojan:Win32/Sirefef.P....Auch MBR infiziert?
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (7)
  2. Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft
    Log-Analyse und Auswertung - 11.06.2011 (25)
  3. DOS/Alureon.A und Win32/Sirefef.B
    Plagegeister aller Art und deren Bekämpfung - 02.06.2011 (1)
  4. Alureon-G@mbr / Win32:FakeAlert-AHH
    Log-Analyse und Auswertung - 26.05.2011 (1)
  5. Virus Win32/Alureon.h verhindert Windowsupdate
    Plagegeister aller Art und deren Bekämpfung - 14.08.2010 (5)
  6. Virus:Win32/Alureon.H lässt sich nicht löschen, bzw. ist immer wieder da
    Plagegeister aller Art und deren Bekämpfung - 02.08.2010 (12)
  7. Virus:Win32/alureon.h
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (11)
  8. Virus: Win32/Alureon.G
    Plagegeister aller Art und deren Bekämpfung - 07.04.2010 (10)
  9. Trojan.Win32/Alureon.BT
    Plagegeister aller Art und deren Bekämpfung - 12.01.2010 (39)
  10. Trojan:Win32/Alureon.gen!U
    Log-Analyse und Auswertung - 29.11.2009 (2)
  11. Trojan:Win32/Alureon.gen!U eingefangen
    Plagegeister aller Art und deren Bekämpfung - 26.10.2009 (21)
  12. Trojan:Win32/Alureon.gen!U eingefangen
    Log-Analyse und Auswertung - 26.10.2009 (1)
  13. Win32/Alureon gen unter windows 7
    Plagegeister aller Art und deren Bekämpfung - 15.10.2009 (3)
  14. Packed.Win32.TDSS.y Trojaner Win32/Alureon.BF
    Plagegeister aller Art und deren Bekämpfung - 08.10.2009 (3)
  15. Hilfe WIN32:Tiny-II; Alureon CD; Fraudo ......
    Plagegeister aller Art und deren Bekämpfung - 23.07.2009 (1)
  16. Sperrt Microsoft die FEstplatte nach einem Update mit einem nicht gekauften System??
    Alles rund um Windows - 14.11.2007 (1)
  17. Trojan:Win32/Alureon.A / Trojan.Win32.DNSChanger.hk
    Log-Analyse und Auswertung - 13.04.2007 (14)

Zum Thema Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? - Grüsse an die Trojaner-Profis, Ich bin erst recht spät auf dieses Forum gestossen und hoffe hier noch etwas Beistand zu meinem Problem zu finden: Vor einigen Tagen fing MSE 2 - Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt?...
Archiv
Du betrachtest: Win32/Alureon.H auf einem Win 7 32 Bit HP System - ausgemerzt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.